Техническая информация
- %WINDIR%\Tasks\At1.job
- '%TEMP%\2334019758.tmp' "%TEMP%\2001122008.bin"
- '%TEMP%\1933423288.bin' "%TEMP%\ remover.exe"
- '%TEMP%\1632032705.tmp' "%TEMP%\2001122008.bin"
- '%TEMP%\ L3DT_PRO-2.8.exe'
- '%TEMP%\ remover.exe'
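- '<SYSTEM32>\at.exe' 16:14 /every:1,4,7,10,13,16,19,22,25,28,31 "<SYSTEM32>\hostnname.exe" (закрепление в системе: через at.exe создаётся запланированное задание, запускающее hostnname.exe в 16:14 по перечисленным числам месяца, то есть с шагом в три дня; вероятно, этому заданию соответствует файл %WINDIR%\Tasks\At1.job)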
- %TEMP%\nsa2.tmp\InstallOptions.dll
- %TEMP%\2001122008.bin
- %TEMP%\1933423288.bin
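- <SYSTEM32>\hostnname.exe (имя с удвоенной «n» отличается от штатной утилиты Windows hostname.exe на одну букву — по-видимому, маскировка под системный файл; при проверке сверяйте имя посимвольно)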
- %TEMP%\2334019758.tmp
- %TEMP%\nsa2.tmp\modern-header.bmp
- %TEMP%\ remover.exe
- %TEMP%\ L3DT_PRO-2.8.exe
- %TEMP%\1632032705.tmp
- %TEMP%\nsa2.tmp\modern-wizard.bmp
- %TEMP%\nsa2.tmp\ioSpecial.ini
- %TEMP%\2001122008.bin
- %TEMP%\ remover.exe
- %TEMP%\1632032705.tmp
- %TEMP%\2334019758.tmp
- 'kw###ame.com':80
- '74.##5.232.51':80
- 'localhost':1038
- kw###ame.com/indeh.php?u=########################################
- 74.##5.232.51/
- DNS ASK kw###ame.com
- DNS ASK google.com
- ClassName: 'Shell_TrayWnd' WindowName: ''