Техническая информация
- %PROGRAM_FILES%\360Safe\360safe.exe
- %PROGRAM_FILES%\360Safe\360tray.exe
- <SYSTEM32>\cmd.exe /c """%TEMP%\Del.bat"" "
- <SYSTEM32>\rundll32.exe "%PROGRAM_FILES%\dnf\lpmxejfac.dll" Start
- %PROGRAM_FILES%\dnf\lpmxejfac.dll
- <SYSTEM32>\zyshit4.dat
- <SYSTEM32>\zyshit.cfg
- %TEMP%\Del.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\count[1].asp
- %PROGRAM_FILES%\360Safe\360tray.exe
- %PROGRAM_FILES%\360Safe\360safe.exe
- <SYSTEM32>\zyshit1.dat
- <SYSTEM32>\zyshit3.dat
- <SYSTEM32>\zyshit2.dat
- <SYSTEM32>\zyshit3.dat
- <SYSTEM32>\zyshit4.dat
- <SYSTEM32>\zyshit1.dat
- <SYSTEM32>\zyshit2.dat
- %PROGRAM_FILES%\360Safe\360tray.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\count[1].asp
- %PROGRAM_FILES%\360Safe\360safe.exe
- 'pp###.#16.19821122.com':80
- pp###.#16.19821122.com/count.asp
- DNS ASK pp###.#16.19821122.com