Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\BITS] 'Start' = '00000002'
- ClassName: 'OLLYDBG' WindowName: ''
- %TEMP%\BIT6.tmp
- %TEMP%\BIT5.tmp
- %TEMP%\BIT8.tmp
- %TEMP%\BIT7.tmp
- %TEMP%\BIT2.tmp
- %TEMP%\BIT1.tmp
- %TEMP%\BIT4.tmp
- %TEMP%\BIT3.tmp
- %TEMP%\1468612413
- %TEMP%\1468612408
- %TEMP%\1468612437
- %TEMP%\1468612431
- %TEMP%\1468612369
- %TEMP%\1468612337
- %TEMP%\1468612402
- %TEMP%\1468612381
- %TEMP%\BIT6.tmp в %TEMP%\1468612413
- %TEMP%\BIT5.tmp в %TEMP%\1468612408
- %TEMP%\BIT8.tmp в %TEMP%\1468612437
- %TEMP%\BIT7.tmp в %TEMP%\1468612431
- %TEMP%\BIT2.tmp в %TEMP%\1468612369
- %TEMP%\BIT1.tmp в %TEMP%\1468612337
- %TEMP%\BIT4.tmp в %TEMP%\1468612402
- %TEMP%\BIT3.tmp в %TEMP%\1468612381
- 'localhost':1048
- 'localhost':1047
- 'ne####ringsite.com':80
- 'localhost':1051
- 'localhost':1050
- 'localhost':1049
- 'th####sharing.com':80
- 'localhost':1038
- 'wp#d':80
- 'localhost':1042
- 'ne###arings.com':80
- 'localhost':1040
- http://ne###arings.com/gettasks2.php?pr################################################################
- http://ne####ringsite.com/gettasks2.php?pr################################################################
- http://11#.#11.111.1/wpad.dat via wp#d
- http://th####sharing.com/gettasks2.php?pr################################################################
- DNS ASK ne###arings.com
- DNS ASK ne####ringsite.com
- DNS ASK wp#d
- DNS ASK th####sharing.com