Техническая информация
- "%TEMP%\sm04.exe" (загружен из сети Интернет)
- <SYSTEM32>\cmd.exe /c \DelUS.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\smart04[1].exe
- %TEMP%\nso3.tmp\DownExecute.dll
- %TEMP%\sm04.exe
- C:\DelUS.bat
- %TEMP%\nso3.tmp\SelfDelete.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\getrun_exe[1].php
- %TEMP%\nso3.tmp\System.dll
- %TEMP%\nso2.tmp
- %TEMP%\nso3.tmp\Math.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\insert[1].php
- %TEMP%\nso3.tmp\DLLWebCount.dll
- %TEMP%\nso3.tmp\Math.dll
- %TEMP%\nso3.tmp\SelfDelete.dll
- %TEMP%\nso3.tmp\System.dll
- %TEMP%\nso3.tmp\DownExecute.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\insert[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\getrun_exe[1].php
- %TEMP%\nso3.tmp\DLLWebCount.dll
- 'localhost':1041
- 'up#.##art119.co.kr':80
- 'pi###oft.org':80
- 'en##ew.com':80
- en##ew.com/liteyellowline/getinfo/getrun_exe.php?pi######################################################################
- up#.##art119.co.kr/download/Install/smart119/pid/smart04/smart04.exe
- pi###oft.org/counter/insert.php?db####################################################################
- en##ew.com/liteyellowline/getinfo/getrun_exe.php?pi#############################################
- DNS ASK up#.##art119.co.kr
- DNS ASK en##ew.com
- DNS ASK pi###oft.org