Техническая информация
Запускаемые процессы (командные строки):
- '%APPDATA%\temp\korea3Setup.exe' INSTALL HIDE
- '%APPDATA%\temp\winggoup1.exe'
- '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\temp\winggoup1.exe_del.bat" "
- '<SYSTEM32>\cmd.exe' /c ""<Полный путь к вирусу>_del.bat" "
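Файлы, затронутые в файловой системе (заголовок подраздела в тексте не сохранился; судя по составу списка — создаваемые файлы):
- %APPDATA%\temp\korea3Setup.exe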
- %TEMP%\nsk5.tmp
- %TEMP%\nsv6.tmp\nsCommands3.dll
- %APPDATA%\temp\winggoup1.exe_del.bat
- %TEMP%\nsv6.tmp\nsSelfDel.dll
- %APPDATA%\temp\winggoup1.exe
- %TEMP%\nsz2.tmp
- %TEMP%\nsb3.tmp\nsCommands3.dll
- <Полный путь к вирусу>_del.bat
- %TEMP%\nsb3.tmp\nsSelfDel.dll
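Второй список файлов — подмножество предыдущего (заголовок подраздела не сохранился; вероятно, это файлы, удаляемые после установки):
- %TEMP%\nsv6.tmp\nsSelfDel.dll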
- %APPDATA%\temp\winggoup1.exe
- %TEMP%\nsv6.tmp\nsCommands3.dll
- %TEMP%\nsb3.tmp\nsCommands3.dll
- %TEMP%\nsb3.tmp\nsSelfDel.dll
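Сетевая активность — узел с портом и DNS-запрос (часть имени узла в исходном описании заменена символами ###, поэтому точное доменное имя по этой странице не восстанавливается):
- 'st###group.kr':80
- DNS ASK st###group.kr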
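Окно, указанное по имени класса (заголовок подраздела не сохранился; вероятно, окно, которое ищет программа):
- ClassName: 'TfrmMCenter' WindowName: '(null)'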