Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SkyWolf' = 'C:\System SkyWolf\SkyWolf.exe'
- 'C:\System SkyWolf\SkyWolf.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\NetSyst96[1].dll
- %ProgramFiles%\AppPatch\NetSyst96.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\NetSyst96[1].dll
- C:\System SkyWolf\SkyWolf.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\dhl862zk[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\time.tianqi[1]
- 'ti##.tianqi.com':80
- 'ft#######.host566.zhujiwu.me':80
- http://ft#######.host566.zhujiwu.me/NetSyst96.dll
- http://ti##.tianqi.com/
- http://ft#######.host566.zhujiwu.me/mftg/dhl862zk.txt
- DNS ASK ti##.tianqi.com
- DNS ASK ft#######.host566.zhujiwu.me
- ClassName: '' WindowName: 'SkyWolf.exe'