Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\3.exe (папка автозагрузки пользователя: файл в ней запускается при каждом входе в систему)
- '%TEMP%\3.exe'
- '%TEMP%\rtmpdump.exe'
- '<SYSTEM32>\mode.com' con:cols=70 lines=30
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.bat" "
- %TEMP%\rtmpdump.exe
- %TEMP%\aut3.tmp
- %TEMP%\3.exe
- %TEMP%\aut1.tmp
- %TEMP%\1.bat
- %TEMP%\aut2.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- 'www.qz##.net':80
- 'cd#.#op4top.net':80
- 'wp#d':80
- www.qz##.net/01/2013-12/13874992361.jpg
- cd#.#op4top.net/i_d09ecff3441.jpg
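- wp#d/wpad.dat (запрос файла wpad.dat характерен для автоматического обнаружения прокси; вероятно, это фоновый системный трафик, поэтому как индикатор компрометации он ненадёжен)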
- DNS ASK www.qz##.net
- DNS ASK cd#.#op4top.net
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: '(null)' (Shell_TrayWnd — класс окна панели задач Windows)