Техническая информация
- '%TEMP%\mlq\mlq.exe'
- '%TEMP%\mlq\ml.exe'
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v "1400" /t REG_DWORD /d 00000003 /f
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1400' = '00000003'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\CAG5AJ81.HashRefresh&pos=1359867914
- C:\№«ёж.htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\552[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\111[1]
- %TEMP%\28168FST.bat
- %TEMP%\mlq\ml.exe
- %TEMP%\aut1.tmp
- %TEMP%\mlq\mlq.exe
- %TEMP%\aut2.tmp
- %TEMP%\28168FST.bat
- %TEMP%\28168FST.bat
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- '0.#.0.111':80
- 'www.hu###ngqq.cn':80
- 'wh##.amung.us':80
- 'localhost':1038
- 'ca###ha.qq.com':80
- 'b1#.##one.qq.com':80
- www.hu###ngqq.cn/tc/552.htm
- 0.#.0.111/
- ca###ha.qq.com/getimage?ai####################
- DNS ASK hi.##idu.com
- DNS ASK wh##.amung.us
- DNS ASK www.hu###ngqq.cn
- DNS ASK ca###ha.qq.com
- DNS ASK b1#.##one.qq.com
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'