Техническая информация
- '%TEMP%\afolder\speak.exe' You are currently connected..
- '%TEMP%\afolder\speak.exe' -f ip.txt
- '%TEMP%\afolder\sounder.exe' %TEMP%\afolder\notify.wav
- '%TEMP%\ztmp\tmp1918.exe' j6NM4Cxfv3
- '%TEMP%\afolder\speak.exe' Checking your connection..
- '<SYSTEM32>\find.exe' "Reply from "
- '<SYSTEM32>\ping.exe' -n 1 www.google.com
- '<SYSTEM32>\findstr.exe' /R /C:"IP Address"
- '<SYSTEM32>\ipconfig.exe'
- '<SYSTEM32>\findstr.exe' SUCCESS
- '<SYSTEM32>\find.exe' "XP"
- '<SYSTEM32>\attrib.exe' +h %TEMP%\ztmp
- '<SYSTEM32>\taskkill.exe' /f /im pinger.exe /fi "memusage gt 40"
- '<SYSTEM32>\xcopy.exe' /y "rasphone.pbk" "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk" /i
- %TEMP%\afolder\ip.txt
- %TEMP%\afolder\speak.exe
- %TEMP%\ztmp\tmp2795.bat
- %APPDATA%\Microsoft\Speech\Files\UserLexicons\SP_1BA1F71543F74BA8BE31B79D11B7CA8F.dat
- %TEMP%\ztmp\tmp1918.exe
- %TEMP%\afolder\chimes.wav
- %TEMP%\afolder\art.txt
- %TEMP%\afolder\notify.wav
- %TEMP%\afolder\sounder.exe
- %TEMP%\afolder\rasphone.pbk
- DNS ASK www.google.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'CicLoaderWndClass' WindowName: ''
- ClassName: '' WindowName: ''