Техническая информация
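- <SYSTEM32>\at.exe 18:13 /every:3,6,9,12,15,18,21,24,27,30 "<SYSTEM32>\dmmremote.exe" (задание планировщика Windows: запуск <SYSTEM32>\dmmremote.exe в 18:13 по указанным числам месяца, то есть закрепление в системе через планировщик)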
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\google[1]
- <SYSTEM32>\dmmremote.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\indeh[1].php
- %TEMP%\168646814.tmp
- %TEMP%\2472618596.tmp
- %TEMP%\151567794.bin
- %TEMP%\2696027548.bin
- %TEMP%\151567794.bin
- %TEMP%\168646814.tmp
- %TEMP%\2472618596.tmp
- 'kw###ame.com':80
- '74.##5.232.51':80
- 'localhost':1037
- kw###ame.com/indeh.php?u=########################################
- 74.##5.232.51/
- DNS ASK kw###ame.com
- DNS ASK google.com
- ClassName: 'Shell_TrayWnd' WindowName: ''