Техническая информация
- '%TEMP%\mi3a.exe'
- '%TEMP%\mi3a.exe' (загружен из сети Интернет)
- '<SYSTEM32>\wermgr.exe' -queuereporting
- '<SYSTEM32>\taskhost.exe' $(Arg0)
- '<SYSTEM32>\rundll32.exe' "<SYSTEM32>\WININET.dll",DispatchAPICall 1
- C:\ProgramData\Microsoft\RAC\Temp\sql8516.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlC5CE.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlC5EE.tmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\73349749.server[1].exe (кэш Internet Explorer; имя совпадает с файлом 73349749.server.exe из HTTP-запроса ниже)
- %TEMP%\mi3a.exe
- C:\ProgramData\Microsoft\RAC\Temp\sql8536.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql8516.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql8536.tmp
- 'up####junkies.com':80 (здесь и ниже часть имени домена замаскирована символами #)
- up####junkies.com/uploads/73349749.server.exe
- DNS ASK up####junkies.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'