Техническая информация
- %WINDIR%\Tasks\At1.job
- %TEMP%\263693367.tmp "%TEMP%\32208330.bin"
- %TEMP%\139738695.bin "%TEMP%\ remover.exe"
- %TEMP%\707319445.tmp "%TEMP%\32208330.bin"
- %TEMP%\ _Scenes.exe
- %TEMP%\ remover.exe
- <SYSTEM32>\at.exe 13:20 /every:1,4,7,10,13,16,19,22,25,28,31 "<SYSTEM32>\spiissupd.exe"
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\google[1]
- %TEMP%\263693367.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\indeh[1].php
- <SYSTEM32>\spiissupd.exe
- %TEMP%\139738695.bin
- %TEMP%\ remover.exe
- %TEMP%\ _Scenes.exe
- %TEMP%\32208330.bin
- %TEMP%\707319445.tmp
- %TEMP%\32208330.bin
- %TEMP%\ remover.exe
- %TEMP%\707319445.tmp
- %TEMP%\263693367.tmp
- 'kw###ame.com':80
- '74.##5.232.51':80
- 'localhost':1036
- kw###ame.com/indeh.php?u=########################################
- 74.##5.232.51/
- DNS ASK kw###ame.com
- DNS ASK google.com
- ClassName: 'Shell_TrayWnd' WindowName: ''