Техническая информация
- %TEMP%\Loader_forqiqi_9177.exe /S
- %TEMP%\FunshionInstall.exe /S
- %TEMP%\updata.exe
- %TEMP%\Loader_forqiqi_9177.exe (загружен из сети Интернет)
- %TEMP%\FunshionInstall.exe (загружен из сети Интернет)
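- <SYSTEM32>\attrib.exe +s +h "<Имя диска съемного носителя>:\fontpage" (устанавливает для объекта на съёмном носителе атрибуты «системный» и «скрытый», из-за чего он не отображается в Проводнике при настройках по умолчанию)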
- <SYSTEM32>\cmd.exe /c ""%TEMP%\3.tmp\encrypt.bat" "
- %TEMP%\3.tmp\encrypt.bat
- %TEMP%\FunshionInstall.exe
- %TEMP%\Loader_forqiqi_9177.exe
- %TEMP%\nsq2.tmp\NSISdl.dll
- %TEMP%\nsq2.tmp\System.dll
- %TEMP%\23
- %TEMP%\updata.exe
- %TEMP%\nsq2.tmp\NSISdl.dll
- %TEMP%\nsq2.tmp\System.dll
- %TEMP%\FunshionInstall.exe
- %TEMP%\Loader_forqiqi_9177.exe
- 'cp#.#1pos.com':80
- 'ne#####.funshion.com':80
- cp#.#1pos.com/Loader_forqiqi_9177.exe
- ne#####.funshion.com/download/silent/67230/FunshionInstall.exe
- DNS ASK cp#.#1pos.com
- DNS ASK ne#####.funshion.com
- ClassName: 'Shell_TrayWnd' WindowName: ''