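Техническая информация
Примечание: подзаголовки разделов в этом перечне, по-видимому, утрачены при извлечении текста, поэтому одни и те же пути встречаются несколько раз (вероятно, они относились к разным действиям с файлами). Символы «#» в доменном имени, IP-адресе и параметре запроса — маскировка, применённая в исходном описании; в таком виде эти значения не годятся как точные сетевые индикаторы.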
- %WINDIR%\Tasks\At1.job
- %TEMP%\191859714.bin
- %TEMP%\1088818769.tmp "%TEMP%\1936123171.bin" "%TEMP%\191859714.bin"
- %TEMP%\2195828219.tmp "%TEMP%\1936123171.bin"
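- <SYSTEM32>\at.exe 17:41 /every:2,5,8,11,14,17,20,23,26,29 "<SYSTEM32>\shrrpubw.exe" (закрепление в системе: задание планировщика запускает shrrpubw.exe в 17:41 по перечисленным числам месяца; задания, созданные через at.exe, как правило, хранятся в виде файлов %WINDIR%\Tasks\At*.job — ср. At1.job выше)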
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\google[1]
- <SYSTEM32>\shrrpubw.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\indeh[1].php
- %TEMP%\1088818769.tmp
- %TEMP%\2195828219.tmp
- %TEMP%\1936123171.bin
- %TEMP%\191859714.bin
- %TEMP%\1936123171.bin
- %TEMP%\1088818769.tmp
- %TEMP%\2195828219.tmp
- 'kw###ame.com':80
- '74.##5.232.51':80
- 'localhost':1036
- kw###ame.com/indeh.php?u=########################################
- 74.##5.232.51/
- DNS ASK kw###ame.com
- DNS ASK google.com