Техническая информация
- '%TEMP%\rundll32.jpg' "%APPDATA%\c_4237.nls",i
- '%TEMP%\cmd.jpg' /c del /f "<Полный путь к вирусу>"
- '%TEMP%\cmd.jpg' /c %TEMP%\\rundll32.jpg "%APPDATA%\c_4237.nls",i
- '<SYSTEM32>\route.exe' add 111.111.111.0 mask 255.255.255.0 10.0.0.2 metric 10 if 0x2
- %APPDATA%\c_4237.nls
- %TEMP%\c_4237.nls.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\stat[1].php
- %TEMP%\cmd.jpg
- %TEMP%\rundll32.jpg
- %TEMP%\c_4237.nls.bak
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\stat[1].php
- %TEMP%\c_4237.nls.ini
- '11#.#21.166.154':80
- 11#.#21.166.154/stats/stat.php?m=###############################
- DNS ASK cl#####.duba.kingsoft.com
- DNS ASK sc##.##ba.kingsoft.com
- DNS ASK qu#.#h-lb.com
- DNS ASK up##.f.360.cn
- DNS ASK up.#.360.cn