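Техническая информация

Примечание: в этой копии список приведён без подзаголовков, поэтому по одному тексту нельзя надёжно определить, какие записи относятся к запущенным, созданным или удалённым файлам. Повторяющиеся пути (например, %TEMP%\673811402.bin), по-видимому, взяты из разных разделов исходного отчёта. Символы «#» в именах узлов и адресах — маскировка, поэтому такие значения не годятся для точного сопоставления; запрос DNS к google.com и подключение к localhost сами по себе индикаторами не являются.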
- %WINDIR%\Tasks\At1.job
- %TEMP%\2616911036.bin
- %TEMP%\is-1FNGU.tmp\2616911036.tmp /SL5="$50036,972510,100352,%TEMP%\2616911036.bin"
- %TEMP%\28699221.tmp "%TEMP%\673811402.bin"
- %TEMP%\210436227.tmp "%TEMP%\673811402.bin"
- <SYSTEM32>\at.exe 00:12 /every:2,5,8,11,14,17,20,23,26,29 "<SYSTEM32>\usrshutta.exe"
- %TEMP%\is-0698P.tmp\DirBitmap.bmp
- %TEMP%\is-0698P.tmp\GroupBitmap.bmp
- %TEMP%\is-0698P.tmp\Vista.cjstyles
- %TEMP%\is-0698P.tmp\unarc.dll
- %TEMP%\is-0698P.tmp\isskin.dll
- %TEMP%\is-0698P.tmp\Click.wav
- %TEMP%\is-0698P.tmp\Enter.wav
- %TEMP%\is-0698P.tmp\Button.png
- %TEMP%\is-0698P.tmp\Logo.bmp
- %TEMP%\is-0698P.tmp\botva2.dll
- %TEMP%\is-0698P.tmp\innocallback.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\google[1]
- <SYSTEM32>\usrshutta.exe
- %TEMP%\210436227.tmp
- %TEMP%\28699221.tmp
- %TEMP%\673811402.bin
- %TEMP%\is-0698P.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-0698P.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-1FNGU.tmp\2616911036.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\indeh[1].php
- %TEMP%\2616911036.bin
- %TEMP%\673811402.bin
- %TEMP%\210436227.tmp
- %TEMP%\28699221.tmp
- 'kw###ame.com':80
- '74.##5.232.51':80
- 'localhost':1035
- kw###ame.com/indeh.php?u=########################################
- 74.##5.232.51/
- DNS ASK kw###ame.com
- DNS ASK google.com
- ClassName: 'Shell_TrayWnd' WindowName: ''