Техническая информация
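- %WINDIR%\Tasks\At1.job (файл задания планировщика Windows; по-видимому, создаётся приведённой ниже командой at, которая запускает <SYSTEM32>\mrinffo.exe в 04:12 по указанным числам месяца)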
- '<SYSTEM32>\at.exe' 04:12 /every:1,4,7,10,13,16,19,22,25,28,31 "<SYSTEM32>\mrinffo.exe"
- '%TEMP%\229924355.bin'
- '<SYSTEM32>\cmd.exe' /c at 04:12 /every:1,4,7,10,13,16,19,22,25,28,31 "<SYSTEM32>\mrinffo.exe"
- '%TEMP%\2925826596.tmp' "%TEMP%\24158021.bin"
- '%TEMP%\3044713731.tmp' "%TEMP%\24158021.bin"
- <SYSTEM32>\mrinffo.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\indeh[1].php
- %TEMP%\229924355.bin
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\google[1]
- %TEMP%\2925826596.tmp
- %TEMP%\24158021.bin
- %TEMP%\3044713731.tmp
- %TEMP%\24158021.bin
- %TEMP%\3044713731.tmp
- %TEMP%\2925826596.tmp
- 'kw###ame.com':80
- '74.##5.232.51':80
- 'localhost':1039
- http://kw###ame.com/indeh.php?u=########################################
- http://google.com/ via 74.##5.232.51
- DNS ASK kw###ame.com
- DNS ASK google.com