Technical Information