Техническая информация
Командные строки запускаемых процессов:
- '%TEMP%\is-PEDHS.tmp\setupLJTVKJGUA4R.exe' /VERYSILENT
- '%TEMP%\is-PEDHS.tmp\YoudaoSHJ1D4BGHS4.exe' /VERYSILENT
- '%TEMP%\is-APVU2.tmp\<Имя вируса>.tmp' /SL5="$30092,148001,53248,<Полный путь к вирусу>"
- '%TEMP%\is-PEDHS.tmp\setup1HB1JA6D5P5.exe' /VERYSILENT
- '%TEMP%\is-PEDHS.tmp\YoudaoSHJ1D4BGHS4.exe' (загружен из сети Интернет)
- '%TEMP%\is-PEDHS.tmp\setup1HB1JA6D5P5.exe' (загружен из сети Интернет)
- '%TEMP%\is-PEDHS.tmp\setupLJTVKJGUA4R.exe' (загружен из сети Интернет)
- %TEMP%\is-PEDHS.tmp\setup1HB1JA6D5P5.exe
- %TEMP%\is-PEDHS.tmp\setupLJTVKJGUA4R.exe
- %TEMP%\is-PEDHS.tmp\YoudaoSHJ1D4BGHS4.exe
- %TEMP%\is-PEDHS.tmp\itdownload.dll
- %TEMP%\is-APVU2.tmp\<Имя вируса>.tmp
- %TEMP%\is-PEDHS.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-PEDHS.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-PEDHS.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-PEDHS.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-APVU2.tmp\<Имя вируса>.tmp
- %TEMP%\is-PEDHS.tmp\YoudaoSHJ1D4BGHS4.exe
- %TEMP%\is-PEDHS.tmp\itdownload.dll
- %TEMP%\is-PEDHS.tmp\setup1HB1JA6D5P5.exe
- %TEMP%\is-PEDHS.tmp\setupLJTVKJGUA4R.exe
Сетевые адреса (хост:порт; часть символов в именах заменена знаками «#»):
- 'co####.youdao.com':80
- 'www.sm####tarmovie.cn':80
- 'd2.##wnxia.net':80
URL-адреса:
- co####.youdao.com/cidian/YoudaoDict_kuodou.exe
- www.sm####tarmovie.cn/download/slices.exe
- d2.##wnxia.net/?id#################
- DNS ASK co####.youdao.com
- DNS ASK www.sm####tarmovie.cn
- DNS ASK d2.##wnxia.net
- ClassName: '(null)' WindowName: '????'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'