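Техническая информация
Примечание: символы «#» в именах узлов ниже заменяют скрытые символы, поэтому эти записи нельзя использовать как точные индикаторы. Каталоги вида «is-XXXXX.tmp» — временные каталоги установщика Inno Setup (на это указывают параметр /SL5 и подкаталог _isetup); их имена генерируются случайно при каждом запуске, поэтому при поиске следов следует ориентироваться на имена файлов, а не на полный путь.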
- '%TEMP%\is-N9E7D.tmp\YoudaoDict_kuodou.exe'
- '%TEMP%\is-N9E7D.tmp\coopen_setup_100209.exe'
- '%TEMP%\is-RU48C.tmp\<Имя вируса>.tmp' /SL5="$40034,148479,53248,<Полный путь к вирусу>"
- '%CommonProgramFiles%\Microsoft Shared\DAO\aliim01.exe'
- '%TEMP%\is-N9E7D.tmp\coopen_setup_100209.exe' (загружен из сети Интернет)
- '%CommonProgramFiles%\Microsoft Shared\DAO\aliim01.exe' (загружен из сети Интернет)
- '%TEMP%\is-N9E7D.tmp\YoudaoDict_kuodou.exe' (загружен из сети Интернет)
- %CommonProgramFiles%\Microsoft Shared\DAO\aliim01.exe
- %TEMP%\is-N9E7D.tmp\YoudaoDict_kuodou.exe
- %TEMP%\is-N9E7D.tmp\coopen_setup_100209.exe
- %TEMP%\is-N9E7D.tmp\itdownload.dll
- %TEMP%\is-RU48C.tmp\<Имя вируса>.tmp
- %TEMP%\is-N9E7D.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-N9E7D.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-N9E7D.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-N9E7D.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-RU48C.tmp\<Имя вируса>.tmp
- %TEMP%\is-N9E7D.tmp\coopen_setup_100209.exe
- %TEMP%\is-N9E7D.tmp\itdownload.dll
- %TEMP%\is-N9E7D.tmp\YoudaoDict_kuodou.exe
- 'do####ad.coopen.cn':80
- 'co####.youdao.com':80
- 'qw.#d29.com':80
- do####ad.coopen.cn/setup/v5/coopen_setup_100209.exe
- co####.youdao.com/cidian/YoudaoDict_kuodou.exe
- qw.#d29.com/test/test1.txt
- DNS ASK do####ad.coopen.cn
- DNS ASK co####.youdao.com
- DNS ASK qw.#d29.com
- ClassName: '(null)' WindowName: '????' (вероятно, исходное имя окна содержало символы, утраченные при перекодировке)
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'