Техническая информация
- <SYSTEM32>\at.exe 02:30 /every:m,t,w,th,f,s,su ""%PROGRAM_FILES%\QP.exe""
- <SYSTEM32>\at.exe 02:00 /every:m,t,w,th,f,s,su ""%PROGRAM_FILES%\QP.exe""
- <SYSTEM32>\at.exe 03:00 /every:m,t,w,th,f,s,su ""%PROGRAM_FILES%\QP.exe""
- <SYSTEM32>\at.exe 04:00 /every:m,t,w,th,f,s,su ""%PROGRAM_FILES%\QP.exe""
- <SYSTEM32>\at.exe 03:30 /every:m,t,w,th,f,s,su ""%PROGRAM_FILES%\QP.exe""
- <SYSTEM32>\at.exe 00:00 /every:m,t,w,th,f,s,su ""%PROGRAM_FILES%\QP.exe""
- <SYSTEM32>\wscript.exe ""%PROGRAM_FILES%\QP.vbs"" 0
- <SYSTEM32>\at.exe 00:30 /every:m,t,w,th,f,s,su ""%PROGRAM_FILES%\QP.exe""
- <SYSTEM32>\at.exe 01:30 /every:m,t,w,th,f,s,su ""%PROGRAM_FILES%\QP.exe""
- <SYSTEM32>\at.exe 01:00 /every:m,t,w,th,f,s,su ""%PROGRAM_FILES%\QP.exe""
- %PROGRAM_FILES%\QP.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\tj[1].asp
- %PROGRAM_FILES%\QP.vbs
- %PROGRAM_FILES%\QP.t
- %PROGRAM_FILES%\QP.exe
- 'www.re##en1.com':80
- 'localhost':1035
- www.re##en1.com/system/tj.asp?id#############################
- DNS ASK www.re##en1.com