Техническая информация
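Файлы заданий планировщика Windows (по-видимому, соответствуют пяти вызовам at.exe, перечисленным ниже):
- %WINDIR%\Tasks\At4.job
- %WINDIR%\Tasks\At5.job
- %WINDIR%\Tasks\At3.job
- %WINDIR%\Tasks\At1.job
- %WINDIR%\Tasks\At2.job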
Командные строки запускаемых процессов (вызовы at.exe назначают ежедневный запуск одного и того же исполняемого файла в 00:00, 00:05, 00:10, 00:15 и 00:20):
- '<SYSTEM32>\wscript.exe' "C:\window1\CRNJEUFU000000000001.vbs" 0
- '<SYSTEM32>\at.exe' 00:10 /every:m,t,w,th,f,s,su "C:\window1\CRNJEUFU000000000001.exe"
- '<SYSTEM32>\at.exe' 00:15 /every:m,t,w,th,f,s,su "C:\window1\CRNJEUFU000000000001.exe"
- '<SYSTEM32>\at.exe' 00:20 /every:m,t,w,th,f,s,su "C:\window1\CRNJEUFU000000000001.exe"
- '<SYSTEM32>\cmd.exe' /c C:\window1\CRNJEUFU000000000001.bat
- '<SYSTEM32>\at.exe' 00:00 /every:m,t,w,th,f,s,su "C:\window1\CRNJEUFU000000000001.exe"
- '<SYSTEM32>\at.exe' 00:05 /every:m,t,w,th,f,s,su "C:\window1\CRNJEUFU000000000001.exe"
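Файлы, связанные с активностью образца (тип операции — создание или удаление — в этом фрагменте не указан):
- C:\window1\CRNJEUFU000000000001.vbs
- C:\window1\CRNJEUFU000000000001.bat
- C:\window1\CRNJEUFU000000000001.s
- %TEMP%\~DF4DED.tmp
- C:\window1\CRNJEUFU000000000001.t
- C:\window1\CRNJEUFU000000000001.exe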
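Сетевые соединения (хост:порт). Символы «#» в именах доменов и в URL ниже — по-видимому, маскировка, выполненная источником; в таком виде эти значения нельзя использовать как точные индикаторы:
- 'www.fo##a.info':80
- 'www.mk##s.info':80
- 'localhost':1037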
HTTP-запросы (параметр id замаскирован источником):
- http://www.fo##a.info/xztj/cs.asp?id#############################
- http://www.mk##s.info/gx/cs.asp?id#############################
- http://www.mk##s.info/gx/tj.asp?id#############################
- DNS ASK www.fo##a.info
- DNS ASK www.mk##s.info