Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\BITS] 'Start' = '00000002' (значение 2 — автоматический запуск службы BITS)
- ClassName: 'OLLYDBG' WindowName: '' (класс окна отладчика OllyDbg; вероятно, проверка на наличие средств анализа)
- %TEMP%\BIT7.tmp
- %TEMP%\BIT6.tmp
- %TEMP%\BIT9.tmp
- %TEMP%\BIT8.tmp
- %TEMP%\BIT5.tmp
- %TEMP%\BIT2.tmp
- %TEMP%\BIT1.tmp
- %TEMP%\BIT4.tmp
- %TEMP%\BIT3.tmp
- %TEMP%\1472229629
- %TEMP%\1472229609
- %TEMP%\1472229641
- %TEMP%\1472229636
- %TEMP%\1472229604
- %TEMP%\1472229568
- %TEMP%\1472229548
- %TEMP%\1472229597
- %TEMP%\1472229573
- %TEMP%\BIT7.tmp в %TEMP%\1472229629
- %TEMP%\BIT6.tmp в %TEMP%\1472229609
- %TEMP%\BIT9.tmp в %TEMP%\1472229641
- %TEMP%\BIT8.tmp в %TEMP%\1472229636
- %TEMP%\BIT5.tmp в %TEMP%\1472229604
- %TEMP%\BIT2.tmp в %TEMP%\1472229568
- %TEMP%\BIT1.tmp в %TEMP%\1472229548
- %TEMP%\BIT4.tmp в %TEMP%\1472229597
- %TEMP%\BIT3.tmp в %TEMP%\1472229573
- 'localhost':1051
- 'localhost':1050
- 'localhost':1049
- 'localhost':1054
- 'localhost':1053
- 'localhost':1052
- 'ne####ringsite.com':80
- 'th####sharing.com':80
- 'localhost':1040
- 'wp#d':80
- 'localhost':1044
- 'ne###arings.com':80
- 'localhost':1042
- http://ne###arings.com/gettasks2.php?pr################################################################
- http://ne####ringsite.com/gettasks2.php?pr################################################################
- http://11#.#11.111.1/wpad.dat via wp#d
- http://th####sharing.com/gettasks2.php?pr################################################################
- DNS ASK ne###arings.com
- DNS ASK ne####ringsite.com
- DNS ASK wp#d
- DNS ASK th####sharing.com