Technical Information
Process command lines (as recorded):
- '%WINDIR%\dashidingshidshuen.exe'
- '%WINDIR%\补丁.exe'
- '<SYSTEM32>\attrib.exe' -a -s -r -h <SYSTEM32>\GroupPolicy\gpt.ini
- '<SYSTEM32>\attrib.exe' +s +a +r +h <SYSTEM32>\GroupPolicy\gpt.ini
- '<SYSTEM32>\gpupdate.exe' /force
- '<SYSTEM32>\wscript.exe' "%WINDIR%\123.vbs"
- '<SYSTEM32>\attrib.exe' -a -s -r -h <SYSTEM32>\GroupPolicy\User\Scripts\scripts.ini
- '<SYSTEM32>\attrib.exe' +s +a +r +h <SYSTEM32>\GroupPolicy\User\Scripts\scripts.ini
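File system paths (the labels saying whether each entry was created, modified, hidden or deleted are not preserved on this page):
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\091218ding[1].html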
- <SYSTEM32>\GroupPolicy\User\Scripts\scripts.ini
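- <SYSTEM32>\GroupPolicy\User\Scripts\Logon\system.exe
  (Read together with the attrib.exe and gpupdate.exe /force command lines above, this path is consistent with a local Group Policy logon script being used for persistence; on an affected host, scripts.ini and gpt.ini are the files to inspect for the added entry.)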
- <SYSTEM32>\GroupPolicy\gpt.ini
- %WINDIR%\123.vbs
- %WINDIR%\补丁.exe
- %WINDIR%\dashidingshidshuen.exe
- %WINDIR%\system.exe
- %WINDIR%\123.BAT
- <SYSTEM32>\GroupPolicy\gpt.ini
- <SYSTEM32>\GroupPolicy\User\Scripts\scripts.ini
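Network activity (the #### in the host name appears to be masked in the report):
Connections (host:port):
- 'ta####.fstgw.com':80
- 'localhost':1036
URL (its file name matches the cached 091218ding[1].html listed above):
- ta####.fstgw.com/091218ding.html
DNS queries:
- DNS ASK ta####.fstgw.com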
Window lookups (class name / window title):
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'