Техническая информация
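Запускаемые процессы и команды (подлинный svchost.exe находится в <SYSTEM32>; одноимённый файл в %PROGRAM_FILES% и похожее имя svchvost.exe указывают на маскировку под системный процесс):
- '%PROGRAM_FILES%\svchvost.exe'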
- '%PROGRAM_FILES%\svchost.exe'
- '<SYSTEM32>\cacls.exe' "%PROGRAM_FILES%\E-yoo\EyooSechelper2.dll" /e /d everyone
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\MSWINSCK.OCX"
- '<SYSTEM32>\sc.exe' start winmgmt
- '<SYSTEM32>\sc.exe' config winmgmt start= demand
- '<SYSTEM32>\mshta.exe' vbscript:createobject("wscript.shell").run("""start.bat"" h",0)(window.close)
- '<SYSTEM32>\cmd.exe' /c ""%PROGRAM_FILES%\start.bat" "
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 3
- '<SYSTEM32>\cmd.exe' /c ""%PROGRAM_FILES%\start.bat" h"
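Файлы, затронутые в файловой системе (исходные подзаголовки — создание, удаление и т. п. — не сохранились):
- %TEMP%\~DF08A3.TMP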
- <SYSTEM32>\MSWINSCK.OCX
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\VoidRay_1122[1].php
- %PROGRAM_FILES%\start.bat
- %PROGRAM_FILES%\svchvost.exe
- %PROGRAM_FILES%\svchost.exe
- %PROGRAM_FILES%\userconfig.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\VoidRay_1122[1].php
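Сетевая активность — соединения, HTTP-запрос и DNS-запросы (символы #, по-видимому, заменяют часть имени, скрытую в источнике):
- 'localhost':1039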
- 'lp#####ay.lingpao8.com':80
- lp#####ay.lingpao8.com/VoidRay_1122.php?UI############################
- DNS ASK up####.woai310.com
- DNS ASK lp####ray.huo99.com
- DNS ASK lp#####ay.lingpao8.com
- DNS ASK lp#####ay.meimofang.com
Окна, которые ищет образец (судя по формату записей — по имени класса и заголовку):
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'