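Техническая информация
Ниже перечислены артефакты, зафиксированные при анализе образца: командные строки запуска, затронутые файлы и записи об окнах (ClassName/WindowName). Заполнители <Имя вируса> и <Полный путь к вирусу> обозначают имя и путь исследуемого файла. Временные имена вида is-XXXXX.tmp, номера oemNN.inf, а также SID и GUID в путях %APPDATA% зависят от конкретной системы и запуска, поэтому их не стоит использовать как индикаторы компрометации без проверки. Появление oem16.inf и oem17.inf вместе с файлом sumpod-nos.sys, вероятно, указывает на установку драйвера.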
- %PROGRAM_FILES%\baidu\dsetup.exe install
- %PROGRAM_FILES%\baidu\msfsg.exe md5 -s newnetgar.dll -d newnetgar.dll md5 -s sumpod-nos.sys -d sumpod-nos.sys md5 -s spass.dll -d spass.dll md5 -s passthru.dll -d passthru.dll md5 -s dsetup.exe -d dsetup.exe
- %TEMP%\is-M3RUJ.tmp\<Имя вируса>.tmp /SL5="$40032,823309,54272,<Полный путь к вирусу>"
- %PROGRAM_FILES%\baidu\spass.dll
- %PROGRAM_FILES%\baidu\newnetgar.dll
- %PROGRAM_FILES%\baidu\sumpod-nos.sys
- <SYSTEM32>\hardpol\MyIEData\main.ini
- %PROGRAM_FILES%\baidu\passthru.dll
- %PROGRAM_FILES%\baidu\dsetup.exe
- %APPDATA%\Microsoft\Protect\S-1-5-21-1275210071-117609710-1801674531-500\d352f08b-42a6-4887-8b50-8cb865e93d60
- %WINDIR%\inf\oem17.inf
- %WINDIR%\inf\oem17.PNF
- %WINDIR%\inf\INFCACHE.0
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-1275210071-117609710-1801674531-500\a18ca4003deb042bbee7a40f15e1970b_ffcb838e-6d3b-4e44-a259-8ac8f5c94c4f
- %WINDIR%\inf\oem16.inf
- %WINDIR%\inf\oem16.PNF
- %PROGRAM_FILES%\baidu\is-UUR30.tmp
- %TEMP%\is-H9LEA.tmp\spass.dll
- %PROGRAM_FILES%\baidu\is-M36L9.tmp
- %PROGRAM_FILES%\baidu\is-IK6NB.tmp
- %TEMP%\is-M3RUJ.tmp\<Имя вируса>.tmp
- %TEMP%\is-H9LEA.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-H9LEA.tmp\_isetup\_shfoldr.dll
- %PROGRAM_FILES%\baidu\is-L70TR.tmp
- %PROGRAM_FILES%\baidu\is-RBK4B.tmp
- %PROGRAM_FILES%\baidu\is-SBCB3.tmp
- %PROGRAM_FILES%\baidu\is-5KOB7.tmp
- %PROGRAM_FILES%\baidu\is-VUDBK.tmp
- %PROGRAM_FILES%\baidu\is-L72IO.tmp
- %PROGRAM_FILES%\baidu\is-QV81K.tmp
- из %WINDIR%\inf\INFCACHE.2 в %WINDIR%\inf\OLDCACHE.000
- из %WINDIR%\inf\INFCACHE.1 в %WINDIR%\inf\INFCACHE.2
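- ClassName: '' WindowName: '??????...' (имя окна, вероятно, искажено из-за потери кодировки; исходное значение по этой записи не восстанавливается)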
- ClassName: 'Shell_TrayWnd' WindowName: ''