Technical information
- %WINDIR%\explorer.exe "http://a.##261.com/"
- %WINDIR%\explorer.exe "http://www.lu##izy.org/yv/Index.html"
- %WINDIR%\explorer.exe "http://www.zc##w.com"
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\temp\782364.bat" 程序运行参数"
- <SYSTEM32>\find.exe /I ".htm"
- <SYSTEM32>\find.exe /I ".asp"
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\Index[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\zcmfw[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a.54261[1]
- %TEMP%\aut1.tmp
- %WINDIR%\Temp\782364.bat
- %TEMP%\aut1.tmp
- 'www.lu##izy.org':80
- 'www.zc##w.com':80
- 'localhost':1036
- 'a.##261.com':80
- www.zc##w.com/
- www.lu##izy.org/yv/Index.html
- a.##261.com/
- DNS ASK www.zc##w.com
- DNS ASK www.lu##izy.org
- DNS ASK a.##261.com
- '<IP address on the local network>':1038
- '<IP address on the local network>':1037
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''