Техническая информация
- '%CommonProgramFiles%\tongkua.exe'
- '%CommonProgramFiles%\tongkua.exe' (загружен из сети Интернет)
- '<SYSTEM32>\cmd.exe' /c %CommonProgramFiles%\suoyouxins.bat
- %CommonProgramFiles%\ppna.txt
- %CommonProgramFiles%\done.txt
- %CommonProgramFiles%\suoyouxins.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\oRun[1].exe
- %CommonProgramFiles%\haojh.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\count[1].asp
- %CommonProgramFiles%\haojh.txt в %CommonProgramFiles%\tongkua.exe
- 'xx#.##odaita.com':80
- 'mt##.#aitou3.com':80
- 'localhost':1037
- xx#.##odaita.com/count.asp?id#########################################
- mt##.#aitou3.com/x0606/game032/oRun.exe
- DNS ASK xx#.##odaita.com
- DNS ASK mt##.#aitou3.com