Technical information
- %WINDIR%\temp\eilll\svchost.exe
- 'tj.###nayeyou.cn':1233
- 'tj.###nayeyou.cn':1215
- http://www.ip##8.com/
- http://to#.#p138.com/
- DNS ASK ip##8.com
- DNS ASK to#.#p138.com
- DNS ASK 20##.ip138.com
- DNS ASK ip##.#aigou51.com
- DNS ASK se#####.chinayeyou.com.cn
- DNS ASK tj.###nayeyou.cn
- ClassName: 'jswazmsjzmsngdjs' WindowName: ''
- ClassName: '#32770' WindowName: 'Microsoft Internet Explorer'
- ClassName: '#32770' WindowName: 'windows Internet Explorer'
- ClassName: '#32770' WindowName: '来自网页的消息'
- ClassName: '#32770' WindowName: '文件下载 - 安全警告'
- ClassName: '#32770' WindowName: '文件下载'
- ClassName: '#32770' WindowName: '安全警告'
- ClassName: '#32770' WindowName: '添加收藏'
- ClassName: '#32770' WindowName: '添加到收藏夹'
- ClassName: '#32770' WindowName: '添加或更改主页'
- ClassName: '#32770' WindowName: 'Web 浏览器'
- ClassName: '#32770' WindowName: 'Adobe Flash Player'
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%WINDIR%\temp\eilll\svchost.exe'
- '%WINDIR%\syswow64\cmd.exe' /c del "<Full path to file>"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del "<Full path to file>"