Technical information
- '<SYSTEM32>\1033\tLvXwO\bWhUo.exe'
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %WINDIR%\TwRsLL\JEtOIEC.dll
- %WINDIR%\CLOG.txt
- %WINDIR%\TwRsLL\SEwJSw.dat
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\ip138[1]
- %WINDIR%\BOWfVGyY.dll
- %TEMP%\kZuLz.tmp
- %TEMP%\dJdOa.tmp
- <SYSTEM32>\1033\tLvXwO\bWhUo.exe
- <SYSTEM32>\1033\tLvXwO\ЙиЦГ.txt
- %WINDIR%\BOWfVGyY.dll
- %WINDIR%\TwRsLL\SEwJSw.dat
- %TEMP%\kZuLz.tmp
- %TEMP%\dJdOa.tmp
- ClassName: 'TApplication' WindowName: 'eyoorun'