Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'twr' = '%TEMP%\twrxx16.exe'
- %TEMP%\twrxx16.exe
- %TEMP%\twrxx16.exe
- 'ir#####d.o2switch.net':80
- 'www.ir##hpub.fo':80
- 'www.aa####oorns.co.za':80
- ir#####d.o2switch.net/.sys.php?ac###############
- www.ir##hpub.fo/.sys.php?ac###############
- www.aa####oorns.co.za/.sys.php?ac###############
- DNS ASK www.ir##hpub.fo
- DNS ASK ir#####d.o2switch.net
- DNS ASK www.aa####oorns.co.za
- '<IP address on the local network>':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''