Техническая информация
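- %HOMEPATH%\Start Menu\Programs\Startup\GooglServics.lnk (ярлык в папке автозагрузки пользователя: объекты из этой папки запускаются при каждом входе в систему; имя, по-видимому, подражает названию сервисов Google)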
- '<SYSTEM32>\wscript.exe' "<Текущая директория>\R.vbs" (командная строка запуска: сценарий R.vbs исполняется через Windows Script Host)
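- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\snwd[1].php (файлы snwd[N].php в каталоге Content.IE5 — записи кэша Internet Explorer, по-видимому, сохранённые ответы на запросы к snwd.php; имена подкаталогов вида YPORKZYZ генерируются случайно и на другой системе будут иными, поэтому для поиска следует использовать имя файла, а не полный путь)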
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\snwd[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\snwd[2].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\snwd[2].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\snwd[2].php
- <Текущая директория>\R.vbs
- <Текущая директория>\cnf.txt
- <Текущая директория>\GooglServics.lnk
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\snwd[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\snwd[1].php
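- 'es###leus.org':80 (соединение с удалённым узлом, порт 80; символы # в имени узла и в адресе запроса ниже, по-видимому, маскируют часть значения в отчёте и не входят в реальное имя)
- 'localhost':1036 (соединение с локальным узлом, порт 1036)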
- es###leus.org/venus/snwd.php?tp#############################################################################################################################
- DNS ASK es###leus.org