Техническая информация
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\ud.bat
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\svcsam.dll
- <SYSTEM32>\p2psvcs.dll
- <SYSTEM32>\ud.bat
- %WINDIR%\Temp\~13785.tmp
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\select_list_all_ok[1].php
- %WINDIR%\~slog.dat
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\26da1813-b5f7-47d7-81e7-a7ebaf2d3e36
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\ec702f375e1b12d218f67ab9ef19ca23_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- 'ci#.#bo.co.kr':80
- 'localhost':1037
- ci#.#bo.co.kr/zero/select_list_all_ok.php?no##############################################################################
- DNS ASK ci#.#bo.co.kr