Техническая информация
- '%WINDIR%\NEX.exe'
- '%TEMP%\31f60.exe'
- '%TEMP%\305ed.tmp'
- <Текущая директория>\qbridge.ini
- %WINDIR%\NEX.exe
- %TEMP%\(1).zip
- <Текущая директория>\version.txt
- <Полный путь к вирусу>
- %TEMP%\305ed.tmp
- <Текущая директория>\mu.dll
- %TEMP%\31f60.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\zhen[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\jia[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\jia[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\zhen[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\jia[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\zhen[1].txt
- 'ip.#q.com':80
- 'cl####.qbridge.co.kr':80
- '12#.#5.220.71':80
- ip.#q.com/
- cl####.qbridge.co.kr/QbridgeLauncher/version.txt
- 12#.#5.220.71/jia.txt
- 12#.#5.220.71/zhen.txt
- 12#.#5.220.71/Ftpid.txt
- 12#.#5.220.71/Ftpip.txt
- cl####.qbridge.co.kr/QbridgeLauncher/QBridge_VER.html
- 12#.#5.220.71/Ftpmima.txt
- DNS ASK ip.#q.com
- DNS ASK cl####.qbridge.co.kr
- ClassName: '' WindowName: ''
- ClassName: 'SE_SogouExplorerFrame' WindowName: ''
- ClassName: '360se_Frame' WindowName: ''
- ClassName: 'RC_CORAL_CLASS_FRAME2' WindowName: ''
- ClassName: 'Chrome_WidgetWin_1' WindowName: ''
- ClassName: 'CabinetWClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'QQBrowserMainFrame' WindowName: ''
- ClassName: 'Windows Internet Explorer_Frame' WindowName: ''