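Техническая информация
Заголовки разделов в этой копии отчёта не сохранились. По содержимому строк ниже последовательно идут: запускаемые команды (regsvr32 /s), пути файлов, сетевые адреса с портами, запрашиваемые URL и DNS-запросы. Некоторые пути файлов повторяются — вероятно, они относились к разным разделам исходного отчёта. Символы «#» в доменных именах, по-видимому, заменяют часть имени, поэтому эти записи нельзя использовать как точные индикаторы без исходных данных.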
- '<SYSTEM32>\regsvr32.exe' /s "%TEMP%\~DFA3960.tmp"
- '<SYSTEM32>\regsvr32.exe' /s "%TEMP%\~DFA1117.tmp"
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\mswinsck.ocx"
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\file[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\file[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\file[1].txt
- %TEMP%\5760.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\<Имя вируса>[1].ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\file[2].txt
- %TEMP%\DFA4681.tmp
- <SYSTEM32>\mswinsck.ocx
- %WINDIR%\sys.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\file[1].txt
- %TEMP%\~DFA9A3C.TMP
- %TEMP%\~DFA1117.tmp
- %TEMP%\5760.dat
- %TEMP%\DFA4681.tmp
- 'www.v3##.net':80
- 'www.ah##.net':80
- 'us##.yswm.net':80
- 'www.v1##.net':80
- 'localhost':1036
- 'www.pc##8.net':80
- 'www.ys##.net':80
- www.v3##.net/file.txt
- www.ah##.net/file.txt
- us##.yswm.net/yswm/<Служебное имя>.ini
- www.pc##8.net/file.txt
- www.ys##.net/file.txt
- www.v1##.net/file.txt
- DNS ASK www.v3##.net
- DNS ASK www.ah##.net
- DNS ASK us##.yswm.net
- DNS ASK www.pc##8.net
- DNS ASK www.ys##.net
- DNS ASK www.v1##.net