Technical information
- %PROGRAM_FILES%\1ClickDownload\gzip.exe -d -q "<Virus name>.torrent.gz"
- %PROGRAM_FILES%\1ClickDownload\gzip.exe (downloaded from the Internet)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\download[1].php
- %TEMP%\nsa2.tmp\gC0
- %PROGRAM_FILES%\1ClickDownload\torrentdownload.tmp
- %PROGRAM_FILES%\1ClickDownload\gzip.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\gzip2[1].exe
- %TEMP%\nsa2.tmp\NSISdl.dll
- %TEMP%\nsa2.tmp\System.dll
- %TEMP%\nsa2.tmp\getCountry
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\country[1].asp
- %TEMP%\nsa2.tmp\inetc3.dll
- 'ra##g.com':80
- 'cm#.##wnloadit.cc':80
- 'in####ler.zugo.com':80
- 'da##.##-software.com':80
- ra##g.com/download.php?id################################################################################################
- cm#.##wnloadit.cc/gzip2.exe
- in####ler.zugo.com/getcountry
- da##.##-software.com/country.asp?st############################################################
- DNS ASK ra##g.com
- DNS ASK cm#.##wnloadit.cc
- DNS ASK da##.##-software.com
- DNS ASK in####ler.zugo.com
- '<LAN IP address>':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '#32770' WindowName: ''