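Техническая информация
Примечание: символ «#» в именах хостов ниже не является допустимым символом DNS-имени; по-видимому, им замаскирована часть адреса, поэтому перед использованием этих записей как индикаторов компрометации их следует сверить с другим источником.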
- '<SYSTEM32>\JBaEnQ.exe' <SYSTEM32>\ARFjkV7.exe http://x1.#3cc.cn/dw/down7.exe
- '<SYSTEM32>\pTfVXt.exe' <SYSTEM32>\cVzQVd7.exe http://x5.#3cc.cn/dw/down7.exe
- '<SYSTEM32>\pmIhwx.exe' showauto<SYSTEM32>\TPSRQKkz.dll
- '<SYSTEM32>\ping.exe' -n 5 127.0.0.1
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\DelCAD.bat
- <SYSTEM32>\JBaEnQ.exe.tmp
- <SYSTEM32>\DelCAD.bat
- <SYSTEM32>\ARFjkV7.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\down7[1].exe
- <SYSTEM32>\pTfVXt.exe.tmp
- <SYSTEM32>\pmIhwx.exe
- <SYSTEM32>\cVzQVd7.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\down7[1].exe
- <SYSTEM32>\ARFjkV7.exe
- <SYSTEM32>\JBaEnQ.exe
- <SYSTEM32>\cVzQVd7.exe
- <SYSTEM32>\pTfVXt.exe
- <SYSTEM32>\JBaEnQ.exe.tmp в <SYSTEM32>\JBaEnQ.exe
- <SYSTEM32>\pTfVXt.exe.tmp в <SYSTEM32>\pTfVXt.exe
- 'localhost':1040
- 'x1.#3cc.cn':80
- 'localhost':1037
- 'x5.#3cc.cn':80
- x1.#3cc.cn/dw/down7.exe
- x5.#3cc.cn/dw/down7.exe
- DNS ASK x1.#3cc.cn
- DNS ASK x5.#3cc.cn