Техническая информация
- <SYSTEM32>\attrib.exe +r +a +s +h "%WINDIR%\newtask.exe"
- <SYSTEM32>\schtasks.exe /Create /sc minute /mo 60 /tn "System Value Information Task" /tr "%WINDIR%\newtask.exe" /f
- <SYSTEM32>\cmd.exe /c ""%TEMP%\ztmp\t23488.bat" "
- <SYSTEM32>\attrib.exe +h %TEMP%\ztmp
- %WINDIR%\newtask.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\0f1faccd.linkbucks[1]
- %TEMP%\ztmp\t23488.bat
- %TEMP%\ztmp\t23540.exe
- %WINDIR%\newtask.exe
- %TEMP%\ztmp\t23540.exe
- %TEMP%\ztmp\t23488.bat
- 'ad#.ly':80
- 'c6#####1.linkbucks.com':80
- '04#####e.linkbucks.com':80
- '0f#####d.linkbucks.com':80
- 'f1#####3.linkbucks.com':80
- 'ad##c.us':80
- 'b2#####0.linkbucks.com':80
- '0a#####e.linkbucks.com':80
- 'localhost':1035
- '6b#####c.linkbucks.com':80
- 'f1#####4.linkbucks.com':80
- 'eb#####d.linkbucks.com':80
- c6#####1.linkbucks.com/
- 0a#####e.linkbucks.com/
- 0f#####d.linkbucks.com/
- b2#####0.linkbucks.com/
- 04#####e.linkbucks.com/
- 6b#####c.linkbucks.com/
- ad#.ly/CfwYc
- DNS ASK ad#.ly
- DNS ASK c6#####1.linkbucks.com
- DNS ASK ad##c.us
- DNS ASK 0f#####d.linkbucks.com
- DNS ASK f1#####3.linkbucks.com
- DNS ASK 04#####e.linkbucks.com
- DNS ASK b2#####0.linkbucks.com
- DNS ASK 0a#####e.linkbucks.com
- DNS ASK eb#####d.linkbucks.com
- DNS ASK 6b#####c.linkbucks.com
- DNS ASK f1#####4.linkbucks.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''