Техническая информация
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ok.bat" "
- <SYSTEM32>\svchost.exe
- %TEMP%\6546.ad6446
- %TEMP%\1593.tt1570
- %TEMP%\1609.ad1509
- %TEMP%\1484.tt1461
- %TEMP%\1500.ad1400
- %TEMP%\6531.tt6508
- %TEMP%\1703.ad1603
- %TEMP%\6734.tt6711
- %TEMP%\6765.ad6665
- %TEMP%\6640.tt6617
- %TEMP%\6656.ad6556
- %TEMP%\1687.tt1664
- %TEMP%\8609.tt8586
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\amzrer[1].txt
- %TEMP%\859.ad759
- <DRIVERS>\pcidump.txt
- %TEMP%\ok.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\install[1].asp
- %TEMP%\1406.ad1306
- %TEMP%\6437.tt6414
- %TEMP%\6453.ad6353
- %TEMP%\6312.tt6289
- %TEMP%\6343.ad6243
- %TEMP%\1375.tt1352
- %TEMP%\1609.ad1509
- %TEMP%\6546.ad6446
- %TEMP%\1500.ad1400
- %TEMP%\6765.ad6665
- %TEMP%\1703.ad1603
- %TEMP%\6656.ad6556
- %TEMP%\859.ad759
- <DRIVERS>\pcidump.sys
- %TEMP%\ok.bat
- %TEMP%\6453.ad6353
- %TEMP%\1406.ad1306
- %TEMP%\6343.ad6243
- <DRIVERS>\pcidump.txt в <DRIVERS>\pcidump.sys (файл перемещается: расширение .txt меняется на .sys)
- 'rf##k.cn':80
- 'localhost':1035
- rf##k.cn/abrd021x/amzrer.txt
- rf##k.cn/install.asp?u=######################
- DNS ASK rf##k.cn