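Техническая информация
Записи ниже приведены без подзаголовков; по их виду это, по порядку: файлы заданий планировщика (At1–At5.job), командные строки запускаемых процессов, пути к файлам, сетевые соединения (узел:порт), HTTP-запросы и DNS-запросы. Пять вызовов at.exe (каждый день недели, с 00:00 до 00:20 с шагом 5 минут), по-видимому, соответствуют пяти файлам At*.job. Символы # в именах узлов, адресах и параметрах запросов — маскировка, присутствующая в самом источнике.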
- %WINDIR%\Tasks\At4.job
- %WINDIR%\Tasks\At5.job
- %WINDIR%\Tasks\At3.job
- %WINDIR%\Tasks\At1.job
- %WINDIR%\Tasks\At2.job
- '<SYSTEM32>\at.exe' 00:15 /every:m,t,w,th,f,s,su "%PROGRAM_FILES%\CRNJEUFU000000000001.exe"
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\at.exe' 00:20 /every:m,t,w,th,f,s,su "%PROGRAM_FILES%\CRNJEUFU000000000001.exe"
- '<SYSTEM32>\at.exe' 00:10 /every:m,t,w,th,f,s,su "%PROGRAM_FILES%\CRNJEUFU000000000001.exe"
- '<SYSTEM32>\wscript.exe' "%PROGRAM_FILES%\CRNJEUFU000000000001.vbs" 0
- '<SYSTEM32>\at.exe' 00:00 /every:m,t,w,th,f,s,su "%PROGRAM_FILES%\CRNJEUFU000000000001.exe"
- '<SYSTEM32>\at.exe' 00:05 /every:m,t,w,th,f,s,su "%PROGRAM_FILES%\CRNJEUFU000000000001.exe"
- %PROGRAM_FILES%\CRNJEUFU000000000001.vbs
- %PROGRAM_FILES%\CRNJEUFU000000000001.bat
- %PROGRAM_FILES%\CRNJEUFU000000000001.s
- %PROGRAM_FILES%\CRNJEUFU000000000001.t
- %PROGRAM_FILES%\CRNJEUFU000000000001.exe
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- 'm.###nkpay.info':80
- '74.##5.232.51':80
- 'localhost':1036
- m.###nkpay.info/wxyhmurl.asp?13####
- m.###nkpay.info/wxyhmurl.asp?96######
- 74.##5.232.51/tj.asp?id############################
- 74.##5.232.51/cs.asp
- DNS ASK m.###nkpay.info
- DNS ASK www.google.com