Техническая информация
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\PatchInfo[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\banner1[1].shtml
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\banner2[1].shtml
- <SYSTEM32>\d3d9caps.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\NeverExistFile[1].dummy_ext
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\launcher[1].shtml
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\PatchInfo[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\NeverExistFile[1].dummy_ext
- из <Полный путь к вирусу> в <Текущая директория>\FiestaOnline.exe
- 'sa.##nmily.com':80
- 'cd#.#unmily.com':80
- 'localhost':1035
- cd#.#unmily.com/fiesta/Real/PatchInfo.txt
- sa.##nmily.com/html/zh-tw/launcher/banner2.shtml
- sa.##nmily.com/html/zh-tw/launcher/banner1.shtml
- cd#.#unmily.com/fiesta/Real/NeverExistFile.dummy_ext
- sa.##nmily.com/html/zh-tw/news/launcher.shtml
- DNS ASK sa.##nmily.com
- DNS ASK cd#.#unmily.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''