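Техническая информация
Примечание: в этом фрагменте не сохранились подзаголовки разделов, поэтому роль каждого индикатора (создаётся, удаляется или запускается) по нему однозначно определить нельзя; часть путей повторяется, поскольку, по-видимому, они относились к разным разделам исходного описания. Ниже по порядку перечислены пути файловой системы, сетевые подключения (узел:порт), запрошенные URL и DNS-запросы. Символы «#» в именах доменов, по-видимому, являются маской, а не частью имени, поэтому для правил обнаружения или блокировки такие записи в буквальном виде не подходят — сопоставлять их следует по сохранившейся части имени и по пути /api/18.xml.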
- '<SYSTEM32>\xGc02u\<Имя вируса>.exe'
- %CommonProgramFiles%\fashion\sysxml.dat
- %CommonProgramFiles%\utility\sysxml.dat
- %CommonProgramFiles%\maintain\sysxml.dat
- %CommonProgramFiles%\harness\sysxml.dat
- %CommonProgramFiles%\determine\sysxml.dat
- %CommonProgramFiles%\actual\sysxml.dat
- %CommonProgramFiles%\quack\sysxml.dat
- %CommonProgramFiles%\industry\sysxml.dat
- %TEMP%\aut2.tmp
- <SYSTEM32>\xGc02u\<Имя вируса>.exe
- %TEMP%\aut1.tmp
- <SYSTEM32>\xGc02u\yvktqvv.dll
- %CommonProgramFiles%\contain\sysxml.dat
- %CommonProgramFiles%\nutrition\sysxml.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\18[1].xml
- %CommonProgramFiles%\harness\sysxml.dat
- %CommonProgramFiles%\fashion\sysxml.dat
- %CommonProgramFiles%\quack\sysxml.dat
- %CommonProgramFiles%\determine\sysxml.dat
- %CommonProgramFiles%\actual\sysxml.dat
- %CommonProgramFiles%\contain\sysxml.dat
- %CommonProgramFiles%\nutrition\sysxml.dat
- %CommonProgramFiles%\industry\sysxml.dat
- %CommonProgramFiles%\utility\sysxml.dat
- %CommonProgramFiles%\maintain\sysxml.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\18[1].xml
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- 'da##.#ouming5.com':80
- 'da##.#8taojin.com':80
- 'da##.#2taojin.com':80
- 'localhost':1037
- 'da##.mikaow.com':80
- da##.#ouming5.com/api/18.xml
- da##.#8taojin.com/api/18.xml
- da##.mikaow.com/api/18.xml
- da##.#2taojin.com/api/18.xml
- DNS ASK da##.#ouming5.com
- DNS ASK da##.#8taojin.com
- DNS ASK da##.mikaow.com
- DNS ASK da##.#2taojin.com