Техническая информация
- %TEMP%\media.php
- %TEMP%\bindserv.exe
- %TEMP%\winpole32.exe
- %TEMP%\Bound1.exe
- %TEMP%\svchost1.1364.1.exe
- %TEMP%\bindserv.exe (загружен из сети Интернет)
- %TEMP%\winpole32.exe (загружен из сети Интернет)
- %TEMP%\media.php (загружен из сети Интернет)
- <SYSTEM32>\cmd.exe /c %TEMP%\bindserv.exe.bat
- <SYSTEM32>\cmd.exe /c %TEMP%\media.php.bat
- <SYSTEM32>\cmd.exe /c %TEMP%\winpole32.exe.bat
- %TEMP%\media.php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\media[1].php
- %TEMP%\media.php.bat
- %TEMP%\bindserv.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\favicon[1].ico
- %TEMP%\bindserv.exe.bat
- %TEMP%\winpole32.exe
- %TEMP%\svchost1.1364.1.exe
- %TEMP%\Bound2.exe
- %TEMP%\Bound1.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\226[1].exe
- %TEMP%\winpole32.exe.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\confirm[1].php
- %TEMP%\svchost1.1364.1.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\confirm[1].php
- %TEMP%\Bound2.exe
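- Сетевые адреса и URL ниже приведены в том виде, как в источнике: часть символов заменена знаком «#», поэтому это неполные значения, а не готовые индикаторы компрометации.
- '77.##.227.179':80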
- '19#.#3.61.166':80
- '74.##.107.165':80
- 'dl.#####ywareprotects.com':80
- 77.##.227.179/media.php
- 19#.#3.61.166/favicon.ico?a=######
- 74.##.107.165/confirm.php?ai##############################################
- dl.#####ywareprotects.com/exe/226.exe
- DNS ASK dl.#####ywareprotects.com
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)