Техническая информация
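- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe] 'Debugger' = '<SYSTEM32>\feelgood.exe' (параметр Debugger в ветке Image File Execution Options заставляет Windows при каждом запуске explorer.exe запускать вместо него указанный файл; наличие этого параметра для explorer.exe стоит проверять при анализе системы)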
- '<Текущая директория>\0.exe'
- '<Текущая директория>\waigua.exe'
- '<SYSTEM32>\wscript.exe' "<Текущая директория>\1.vbs"
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cfjuren[1]
- <SYSTEM32>\e36a339a73d6b40a443af46b2.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\1g7g[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cfwgw[1]
- <SYSTEM32>\b47ba4aaf4ec251c654c457c
- <Текущая директория>\waigua.exe
- <Текущая директория>\1.vbs
- <SYSTEM32>\feelgood.exe
- <Текущая директория>\0.exe
- <Текущая директория>\0.exe
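- 'www.cf##w.com':80 (здесь и далее символы «#» в адресах, по-видимому, заменяют знаки, скрытые при публикации; точные значения на странице не приведены)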
- 'www.1g##.com':80
- 'www.cf##ren.com':80
- 'localhost':1036
- '11#.#1.173.12':5330
- www.cf##w.com/
- www.1g##.com/
- www.cf##ren.com/xiaocao1.txt
- www.cf##ren.com/
- DNS ASK www.1g##.com
- DNS ASK www.cf##w.com
- DNS ASK www.cf##ren.com
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'