Техническая информация
- %WINDIR%\Tasks\74778-93294.job (файл задания Планировщика задач Windows)
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 -n 2 > nul & del "%TEMP%\7ZipSfx.000\AdsAgent.exe" > nul
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 2
- '<SYSTEM32>\rundll32.exe' "%ALLUSERSPROFILE%\Application Data\74778.93294\74778.93294.dll",PUIAPI_CreateInstance
- '%TEMP%\7ZipSfx.000\AdsAgent.exe' /VERYSILENT /password=123 /subid=landing2
- '%TEMP%\is-OV9UV.tmp\AdsAgent.tmp' /SL5="$30092,1068026,57856,%TEMP%\7ZipSfx.000\AdsAgent.exe" /VERYSILENT /password=123 /subid=landing2
- %ALLUSERSPROFILE%\Application Data\74778.93294\is-B3G8E.tmp
- %ALLUSERSPROFILE%\Application Data\74778.93294\is-J7E96.tmp
- %ALLUSERSPROFILE%\Application Data\74778.93294\169.tmp
- %TEMP%\7ZipSfx.000\AdsAgent.exe
- %TEMP%\is-OV9UV.tmp\AdsAgent.tmp
- %TEMP%\is-179HC.tmp\_isetup\_iscrypt.dll
- %TEMP%\7ZipSfx.000\AdsAgent.exe
- %TEMP%\is-OV9UV.tmp\AdsAgent.tmp
- %TEMP%\is-179HC.tmp\_isetup\_iscrypt.dll
- из %ALLUSERSPROFILE%\Application Data\74778.93294\is-J7E96.tmp в %ALLUSERSPROFILE%\Application Data\74778.93294\169.tmp
- из %ALLUSERSPROFILE%\Application Data\74778.93294\is-B3G8E.tmp в %ALLUSERSPROFILE%\Application Data\74778.93294\74778.93294.dll
- 'we##.linkpc.net':51568 (узел:порт; символы «#» здесь и ниже — маска, скрывающая часть значения)
- 'cd###load.com':80
- http://cd###load.com/aff/?a=#########################
- DNS ASK we##.linkpc.net
- DNS ASK cd###load.com
- ClassName: 'Shell_TrayWnd' WindowName: '' (класс окна панели задач Windows)