Техническая информация
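Запускает на исполнение (заголовок восстановлен по содержимому; cvtres.exe и csc.exe — штатные утилиты .NET Framework, поэтому сам их запуск с файлом .cmdline из %TEMP% говорит о компиляции кода во время выполнения и как отдельный индикатор ненадёжен):
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%TEMP%\CSC1.tmp"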
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe /noconfig /fullpaths @"%TEMP%\oyvux5l2.cmdline"
Создаёт следующие файлы (заголовок восстановлен по содержимому):
- <LS_APPDATA>\Lunarite\<Имя вируса>.exe_Url_5vip3zsouy0qjbouikhpi22faaoirvqu\1.1.2.81\kruw31ip.newcfg
- %TEMP%\oyvux5l2.dll
- <SYSTEM32>\d3d9caps.tmp
- <SYSTEM32>\d3d9caps.dat
- %TEMP%\RES2.tmp
- %TEMP%\oyvux5l2.cmdline
- %TEMP%\oyvux5l2.0.cs
- %TEMP%\CSC1.tmp
- %TEMP%\oyvux5l2.out
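Удаляет следующие файлы (заголовок восстановлен предположительно: список повторяет часть файлов, перечисленных выше):
- %TEMP%\oyvux5l2.out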
- %TEMP%\oyvux5l2.0.cs
- <SYSTEM32>\d3d9caps.dat
- %TEMP%\oyvux5l2.cmdline
- %TEMP%\RES2.tmp
- %TEMP%\CSC1.tmp
- %TEMP%\oyvux5l2.dll
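Перемещает следующие файлы (заголовок восстановлен по содержимому; записи имеют вид «источник в назначение»):
- <SYSTEM32>\d3d9caps.tmp в <SYSTEM32>\d3d9caps.dat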
- <LS_APPDATA>\Lunarite\<Имя вируса>.exe_Url_5vip3zsouy0qjbouikhpi22faaoirvqu\1.1.2.81\kruw31ip.newcfg в <LS_APPDATA>\Lunarite\<Имя вируса>.exe_Url_5vip3zsouy0qjbouikhpi22faaoirvqu\1.1.2.81\user.config
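Сетевая активность. Подключается к (заголовок восстановлен по содержимому; записи имеют вид «узел:порт», часть символов замаскирована знаками #):
- 'mi####e.net78.net':80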
- 'sa###ooru.org':80
- 'wp#d':80
- '74.##5.232.51':443
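HTTP-запросы (заголовок восстановлен по содержимому; метод запроса в этой копии не указан; запрос wpad.dat похож на автообнаружение прокси (WPAD) самой системой и может не относиться к образцу):
- sa###ooru.org/index.php?pa###########################################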
- mi####e.net78.net/imagetx//beta/version.txt
- wp#d/wpad.dat
- DNS ASK mi####e.net78.net
- DNS ASK sa###ooru.org
- DNS ASK wp#d
- DNS ASK do##.google.com
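Обращается к следующим окнам (заголовок восстановлен предположительно; по самим записям видно только имя класса окна и пустой заголовок окна):
- ClassName: 'Shell_TrayWnd' WindowName: ''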
- ClassName: 'SysListView32' WindowName: ''