Техническая информация
- <SYSTEM32>\cmd.exe /c %TEMP%\tmp.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\news4003[1].htm
- %TEMP%\tmp.bat
- %TEMP%\tmp.tmp
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\downloader[1].gif
- %TEMP%\tmp.bat
- %TEMP%\tmp.tmp
- 'ms#.#lone.cn':80
- 'localhost':1035
- ms#.#lone.cn/html/agentcfg/news4003.htm
- ms#.#lone.cn/html/downloader.gif
- DNS ASK ms#.#lone.cn