Техническая информация
- %WINDIR%\Tasks\Color Album.job
- <SYSTEM32>\GroupPolicy\gpt.ini
- %ProgramFiles%\Color Album\is-0SHBE.tmp
- <SYSTEM32>\GroupPolicy\Machine\Registry.pol
- %ALLUSERSPROFILE%\ntuser.pol
- %ProgramFiles%\Color Album\871828646
- %TEMP%\is-7KDBM.tmp\iwebmanager1520264953.tmp
- %TEMP%\7ZipSfx.000\iwebmanager1520264953.exe
- %TEMP%\is-PC9OI.tmp\_isetup\_isdecmp.dll
- %ProgramFiles%\Color Album\is-HO3SM.tmp
- %TEMP%\is-PC9OI.tmp\_isetup\_iscrypt.dll
- %TEMP%\is-7KDBM.tmp\iwebmanager1520264953.tmp
- %TEMP%\7ZipSfx.000\iwebmanager1520264953.exe
- %TEMP%\is-PC9OI.tmp\_isetup\_iscrypt.dll
- %TEMP%\is-PC9OI.tmp\_isetup\_isdecmp.dll
- %ProgramFiles%\Color Album\is-0SHBE.tmp в %ProgramFiles%\Color Album\871828646
- %ProgramFiles%\Color Album\is-HO3SM.tmp в %ProgramFiles%\Color Album\Color Album.dll
- 'cd###load.com':80
- http://cd###load.com/aff/?a=#########################
- DNS ASK cd###load.com
- '%TEMP%\is-7KDBM.tmp\iwebmanager1520264953.tmp' /SL5="$20094,1590054,57856,%TEMP%\7ZipSfx.000\iwebmanager1520264953.exe" /VERYSILENT /password=G@F@!-_F4bG_@S-?gF /subid=mediaplr
- '%TEMP%\7ZipSfx.000\iwebmanager1520264953.exe' /VERYSILENT /password=G@F@!-_F4bG_@S-?gF /subid=mediaplr
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 5
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 -n 5 > nul & del "%TEMP%\7ZipSfx.000\iwebmanager1520264953.exe" > nul
- '<SYSTEM32>\rundll32.exe' "%ProgramFiles%\Color Album\Color Album.dll",RjXapeetb