Техническая информация
- <SYSTEM32>\cmd.exe /c "%TEMP%\MSBV4$$$$.bat"
- %TEMP%\guid.txt
- %TEMP%\MSBV4$$$$.bat
- %APPDATA%\MSBV4\check.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\guid[1].php
- %TEMP%\guid.txt
- %APPDATA%\MSBV4\check.ini
- 'localhost':1037
- 'to#.##sidebar.co.kr':80
- 'www.go###rans.kr':80
- to#.##sidebar.co.kr/app/guid.php
- to#.##sidebar.co.kr/app/ver.php?ta#############
- www.go###rans.kr/v4/set/end.php
- to#.##sidebar.co.kr/app/set.php
- www.go###rans.kr/v4/set/begin.php
- DNS ASK to#.##sidebar.co.kr
- DNS ASK www.go###rans.kr