Technical information
- %WINDIR%\syswow64\iexpress.exe
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\caasbycl\logs[1].txt
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\hzpc[1].htm
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\xzxz2[1].htm
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\caasbycl\f[1].txt
- <LS_APPDATA>\microsoft\windows\history\history.ie5\mshist012019071720190718\index.dat
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\f[1].txt
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%WINDIR%\syswow64\iexpress.exe'