Техническая информация
- '<SYSTEM32>\wscript.exe' "%WINDIR%\url.vbs"
- '<SYSTEM32>\wscript.exe' "%WINDIR%\jingling.vbs"
- '<SYSTEM32>\wscript.exe' "%WINDIR%\abc.vbs"
- '%WINDIR%\regedit.exe' /s %WINDIR%\ie.reg
- firefox.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\jingling[1].vbs
- %WINDIR%\jingling.vbs
- %WINDIR%\url.vbs
- %WINDIR%\abc.vbs
- %WINDIR%\IE.reg
- %WINDIR%\url.vbs
- %WINDIR%\abc.vbs
- %WINDIR%\IE.reg
- 'www.ze##shw.cn':80
- 'localhost':1036
- www.ze##shw.cn/soft/jingling.vbs
- DNS ASK www.ze##shw.cn
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'