Техническая информация
- '%WINDIR%\ieSetup.exe'
- '<SYSTEM32>\regsvr32.exe' /s "%WINDIR%\iePush.Dll"
- %WINDIR%\Explorer.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\jPop[1].xml
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\jPop[1].xml
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\rturl[1].xml
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\exeurl[1].xml
- %WINDIR%\iePush.ini
- %WINDIR%\ieSetup.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\rnd[1].asp
- %WINDIR%\iePush.Dll
- 'cp###.icoou.cn':80
- 'ro###.icoou.com':80
- 'localhost':1036
- 'ip.#8oo.com':80
- cp###.icoou.cn/exeurl.xml?nu#####################
- cp###.icoou.cn/rturl.xml?nu#####################
- ro###.icoou.com/jPop.xml?nu#####################
- ip.#8oo.com/rnd.asp?nu#####################
- cp###.icoou.cn/jPop.xml?nu#####################
- DNS ASK ro###.icoou.com
- DNS ASK cp###.icoou.cn
- DNS ASK ip.#8oo.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'