Техническая информация
- %TEMP%\~nsuobw.tmp\Fun4IMV6.exe /S
- %TEMP%\wsget.exe "%PROGRAM_FILES%\WhiteSmoke"
- %TEMP%\~nsuobw.tmp\Fun4IMV6.exe (загружен из сети Интернет)
- %TEMP%\~nsuobw.tmp\Fun4IMV6.exe
- %TEMP%\~nsuobw.tmp\Fun4IMV6.exe.part
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\Fun4IMV6[1].exe
- %TEMP%\wsget.exe
- %TEMP%\~nsuobw.tmp\~data.tmp
- '21#.#19.149.6':80
- 'do####ad.bandoo.com':80
- 21#.#19.149.6/getofferbox.php?di######
- do####ad.bandoo.com/o/0/r/63/Fun4IMV6.exe
- DNS ASK do####ad.bandoo.com