Техническая информация
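- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Maxthon3' = '%APPDATA%\Roaming\SQLAGENT.EXE'
  (запись в ключе Run обеспечивает автозапуск при входе пользователя; имя значения 'Maxthon3' не соответствует имени запускаемого файла SQLAGENT.EXE, который расположен в профиле пользователя)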
- '%APPDATA%\Roaming\SQLAGENT.EXE'
- '%TEMP%\SQLAGENT.EXE'
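- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /scomma %TEMP%\mail.txt
  (примечание к этой и следующим строкам с /scomma: vbc.exe — компилятор Visual Basic из состава .NET Framework, параметра /scomma у него нет; этот параметр известен по утилитам NirSoft, где он сохраняет результаты в текстовый файл с разделителями-запятыми. Вероятно, vbc.exe служит здесь процессом-носителем для постороннего кода, а имена выходных файлов (mail, ie, cho, msg), по-видимому, указывают на сбор сохранённых учётных данных. Запуск vbc.exe с параметром /scomma и выводом в %TEMP% — характерный признак для обнаружения.)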
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /scomma %TEMP%\ie.txt
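- '<SYSTEM32>\tskill.exe' icq
  (tskill — штатная утилита Windows для завершения процессов; здесь завершается процесс с именем icq)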
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /scomma %TEMP%\cho.txt
- '<SYSTEM32>\NOTEPAD.EXE' %TEMP%\Document.txt
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /scomma %TEMP%\msg.txt
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- ICQ.exe
- %TEMP%\FFPXOMEV@BVNSEUHJ.html
- %APPDATA%\Roaming\SQLAGENT.EXE
- %TEMP%\SQLAGENT.EXE
- %TEMP%\msg.txt
- %TEMP%\msg.txt
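- 'ft#.###protocol.cu.cc':21
  (порт 21 — стандартный управляющий порт FTP; символы # в имени узла, по-видимому, являются маскировкой — имя приведено не полностью)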
- DNS ASK dn#.##ftncsi.com
- DNS ASK ft#.###protocol.cu.cc
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'OleMainThreadWndClass' WindowName: '(null)'