Техническая информация
- %WINDIR%\Tasks\At1.job
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\_aa.bat
- <SYSTEM32>\at.exe 1:28:11 PM <SYSTEM32>\QQ.exe -1
- ClassName: '' WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- <SYSTEM32>\QQ.exe
- <SYSTEM32>\_aa.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\install1[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\1[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\install1[1].asp
- '1.##zhif.cn':80
- 1.##zhif.cn/down/1.txt
- 1.##zhif.cn/install1.asp?ve####################################################################################################
- DNS ASK 1.##zhif.cn
- ClassName: '' WindowName: 'IRIS v4.0'
- ClassName: '' WindowName: 'File Monlter - Sysexternals: www.sysexternals.com'
- ClassName: '' WindowName: 'Registry Monitor-Sysinternals:www.sysinternals.com'