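Техническая информация
Примечание: символы «#» в именах хостов, IP-адресах и URL ниже — маскировка, применённая в источнике, а <SYSTEM32> и <INETFILES>, по-видимому, условные обозначения каталогов; такие записи нельзя буквально сопоставлять с журналами. Для обнаружения полезнее немаскированные признаки: задачи планировщика с именами WinUpdate и Boot, файлы Chrome.exe и update.exe в %HOMEPATH%\AppData\Roaming, а также Chrome.exe в папке автозагрузки.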
- %HOMEPATH%\Start Menu\Programs\Startup\Chrome.exe
- '<SYSTEM32>\schtasks.exe' /create /tn WinUpdate /tr %HOMEPATH%\AppData\Roaming\update.exe /sc MINUTE /mo 5 /F
- '<SYSTEM32>\schtasks.exe' /create /tn Boot /tr %HOMEPATH%\AppData\Roaming\Chrome.exe /sc MINUTE /mo 720 /F
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1096
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' -nohome
- '<SYSTEM32>\cmd.exe' /C schtasks /create /tn WinUpdate /tr %HOMEPATH%\AppData\Roaming\update.exe /sc MINUTE /mo 5 /F
- '<SYSTEM32>\cmd.exe' /C schtasks /create /tn Boot /tr %HOMEPATH%\AppData\Roaming\Chrome.exe /sc MINUTE /mo 720 /F
- %TEMP%\dw.log
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\2bWf9QZ[1]
- %TEMP%\2DEBD.dmp
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\2bTqcvl[1]
- %HOMEPATH%\AppData\Roaming\Chrome.exe
- %HOMEPATH%\AppData\Roaming\update.exe
- 'la###tasks.com':80
- '74.##5.232.51':443
- 'localhost':1044
- 'localhost':1038
- 'bi#.ly':80
- 'wp#d':80
- http://la###tasks.com/update.exe
- http://bi#.ly/2bWf9QZ
- http://la###tasks.com/popServe.exe
- http://bi#.ly/2bTqcvl
- http://11#.#11.111.2/wpad.dat via wp#d
- DNS ASK la###tasks.com
- DNS ASK dl.##ogle.com
- DNS ASK bi#.ly
- DNS ASK wp#d
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''