Техническая информация
- %TEMP%\nsp2.tmp
- %APPDATA%\Setup.exe
- %TEMP%\7za.exe
- %TEMP%\a.7z
- %TEMP%\nsf3.tmp\execDos.dll
- %TEMP%\boluff.exe
- %TEMP%\_ir_sf_temp_0\irsetup.exe
- %TEMP%\_ir_sf_temp_0\lua5.1.dll
- %TEMP%\_ir_sf_temp_0\irsetup.dat
- %TEMP%\_ir_sf_temp_0\IRIMG1.JPG
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\mobilekey[1]
- %TEMP%\nsf3.tmp\execDos.dll
- %TEMP%\_ir_sf_temp_0\irsetup.dat
- 'localhost':1039
- 'pa###bin.com':443
- 'localhost':1042
- 'mo###ekey.pw':80
- http://mo###ekey.pw/
- DNS ASK pa###bin.com
- DNS ASK mo###ekey.pw
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- '%TEMP%\7za.exe' x "%TEMP%\a.7z" -p3MO5otTDBA -o"%TEMP%\" -aoa
- '%APPDATA%\Setup.exe'
- '%TEMP%\boluff.exe'
- '%TEMP%\_ir_sf_temp_0\irsetup.exe' __IRAOFF:1742194 "__IRAFN:%APPDATA%\Setup.exe" "__IRCT:0" "__IRTSS:0" "__IRSID:S-1-5-21-2052111302-484763869-725345543-1003"
- '<SYSTEM32>\reg.exe' ADD HKCU\Software\VRTSVER /v uni /t REG_SZ /d 1