Техническая информация
- %TEMP%\is-EGSUB.tmp\cwmpx.exe /p 1 %TEMP%\is-EGSUB.tmp\pxtmpdata.mx
- %TEMP%\is-EGSUB.tmp\cwmpx.exe /p 1 "%TEMP%\is-EGSUB.tmp\pxtmpdata.mx"
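- %TEMP%\is-QTNPB.tmp\<Имя вируса>.tmp /SL5="$40036,1055323,83968,<Полный путь к вирусу>"
  (Примечание: каталоги вида is-XXXXX.tmp и параметр /SL5 характерны для установщика Inno Setup. Имя такого каталога генерируется случайным образом при каждом запуске, поэтому при поиске следов следует ориентироваться на имена файлов внутри каталога, а не на имена is-EGSUB.tmp и is-QTNPB.tmp.)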
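- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\7165dd0627e5235ca910f8185935cf31_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\3f7e0133-787f-4c11-9f06-bff87d689349
  (Примечание: SID пользователя и имена файлов в каталогах Crypto\RSA и Protect, по-видимому, относятся к учётной записи среды, в которой проводился анализ. На других системах они будут иными, поэтому эти три пути не следует использовать как индикаторы компрометации в неизменном виде.)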
- %TEMP%\is-EGSUB.tmp\pxtmpdata.mx
- %TEMP%\2.0.0.2\cd.dll
- %TEMP%\2.0.0.2\le.dll
- %TEMP%\2.0.0.2\lz.dll
- %TEMP%\is-EGSUB.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-EGSUB.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-QTNPB.tmp\<Имя вируса>.tmp
- %TEMP%\is-EGSUB.tmp\cwmsh.dll
- %TEMP%\is-EGSUB.tmp\cwmpx.exe
- %TEMP%\is-EGSUB.tmp\config.mx
- 'cm#.##mezjoint.com':80
- DNS ASK cm#.##mezjoint.com
- ClassName: 'Shell_TrayWnd' WindowName: ''