Техническая информация
- '<SYSTEM32>\net.exe' stop alg /y
- '<SYSTEM32>\net1.exe' stop policyagent
- '<SYSTEM32>\net1.exe' stop alg /y
- '<SYSTEM32>\cmd.exe' /c ""c:\winsock.bat" "
- '<SYSTEM32>\net.exe' stop policyagent
- '<SYSTEM32>\net.exe' stop sharedaccess
- '<SYSTEM32>\net1.exe' stop sharedaccess
- C:\winsock.bat
- C:\yyy9621
- C:\yyy9621
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\index[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ic[1].asp
- C:\winsock.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1]
- 'ip##8.com':80
- '22#.#86.42.227':666
- '22#.#86.42.227':622
- '22#.#86.42.227':32113
- 'ip.#q.com':80
- '20####07.ip138.com':80
- ip##8.com/ips138.asp?ip##########
- 20####07.ip138.com/ic.asp
- ip.#q.com/cgi-bin/index
- DNS ASK ip##8.com
- DNS ASK 20####07.ip138.com
- DNS ASK ip.#q.com