Техническая информация
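Запускаемые на исполнение файлы (заголовок раздела утрачен при извлечении текста и восстановлен по формату записей: путь в кавычках, аргументы командной строки):
- '%TEMP%\3.17.10.exe'
- '%PROGRAM_FILES%\is160049.exe'
- '%PROGRAM_FILES%\a_3311.exe'
- '%TEMP%\_ir_sf7_temp_0\irsetup.exe' "__IRAFN:<Полный путь к вирусу>"
- '%TEMP%\ORION95.EXE'
- '%TEMP%\lu.07.10.exe'
- '%PROGRAM_FILES%\a_3311.exe' (загружен из сети Интернет)
- '%PROGRAM_FILES%\is160049.exe' (загружен из сети Интернет)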
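Изменения в файловой системе, первая группа путей (заголовок утрачен; по-видимому, создаваемые файлы):
- %TEMP%\3.17.10.exe
- %TEMP%\lu.07.10.exe
- %TEMP%\ORION95.EXE
- %PROGRAM_FILES%\a_3311.exe
- %PROGRAM_FILES%\is160049.exe
- %WINDIR%\uninstall.xml
- %TEMP%\_ir_sf7_temp_0\irsetup.dat
- %TEMP%\_ir_sf7_temp_0\irsetup.exe
- %WINDIR%\uni1.tmp
- %WINDIR%\uninstall.exe
- %WINDIR%\uninstall.dat
Изменения в файловой системе, вторая группа путей (повторяет часть записей первой группы; по-видимому, это отдельный раздел исходного отчёта, например удаляемые файлы — уточнить по оригиналу):
- %TEMP%\_ir_sf7_temp_0\irsetup.exe
- %WINDIR%\uni1.tmp
- %TEMP%\_ir_sf7_temp_0\irsetup.dat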
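Сетевая активность (часть каждого доменного имени скрыта символами ###, поэтому записи нельзя напрямую сопоставлять с журналами DNS и прокси; для поиска пригодны порт, пути в URL и имена загружаемых файлов):
Подключения (узел:порт):
- 'gi###odec.com':80
- 'www.po###avers.com':80
Запрашиваемые адреса (URL):
- gi###odec.com/download/a_3311.exe
- www.po###avers.com/executable/is160049.exe
DNS-запросы:
- DNS ASK gi###odec.com
- DNS ASK www.po###avers.com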
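Обращения к окнам по имени класса (заголовок утрачен; по-видимому, поиск окон с указанными параметрами):
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''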