Technical Information
- <SYSTEM32>\cacls.exe "%ALLUSERSPROFILE%\桌面" /g everyone:r
- <SYSTEM32>\regini.exe c:\regset.ini
- <SYSTEM32>\cacls.exe "%HOMEPATH%\桌面" /g everyone:r
- <SYSTEM32>\net.exe stop sharedaccess
- <SYSTEM32>\net1.exe stop sharedaccess
- %TEMP%\superec.ProcessMemory.sys
- C:\regset.ini
- %TEMP%\CF小⑧改枪7.1.exe
- %TEMP%\118.exe
- 'www.xi###awg.com':80
- 'qq.##5tl.com':9898
- www.xi###awg.com/xiaobagaiqiang.txt
- DNS ASK www.xi###awg.com
- DNS ASK qq.##5tl.com
- ClassName: 'Shell_TrayWnd' WindowName: ''