Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Alerter' = '%WINDIR%\Superxiaowang.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\SuperQidong.vbs
- %WINDIR%\Superxiaowang.exe
- <SYSTEM32>\cmd.exe /c %WINDIR%\i.bat
- <SYSTEM32>\cmd.exe /c %WINDIR%\xwcmd.bat
- %WINDIR%\xwcmd.bat
- %WINDIR%\xwxt.txt
- %WINDIR%\Superxiaowang.exe
- %WINDIR%\i.bat
- 'by###3.3322.org':3306
- DNS ASK by###3.3322.org