Technical information
- %PROGRAM_FILES%\1ClickDownload\gzip.exe -d -q "<Virus name>.torrent.gz"
- %PROGRAM_FILES%\1ClickDownload\gzip.exe (downloaded from the Internet)
- %TEMP%\nsn2.tmp\accept1.bmp
- %TEMP%\nsn2.tmp\accept2.bmp
- %TEMP%\nsn2.tmp\skip.bmp
- %TEMP%\nsn2.tmp\accept.bmp
- %TEMP%\nsn2.tmp\accept3.bmp
- %TEMP%\nsn2.tmp\anon.bmp
- %TEMP%\nsn2.tmp\1clogo.bmp
- %TEMP%\nsn2.tmp\decline.bmp
- %TEMP%\nsn2.tmp\save.bmp
- %TEMP%\nsn2.tmp\nsDialogs.dll
- %TEMP%\nsn2.tmp\getCountry
- %TEMP%\nsn2.tmp\inetc3.dll
- %TEMP%\nsn2.tmp\System.dll
- %TEMP%\nsn2.tmp\NSISdl.dll
- %TEMP%\nsn2.tmp\gC0
- %PROGRAM_FILES%\1ClickDownload\mainpack.exe
- %TEMP%\nsn2.tmp\gCo
- %PROGRAM_FILES%\1ClickDownload\torrentdownload.tmp
- %PROGRAM_FILES%\1ClickDownload\gzip.exe
- '13##x.org':80
- 'cm#.##wnloadit.cc':80
- 'in####ler.zugo.com':80
- 'da##.##-software.com':80
- cm#.##wnloadit.cc/gzip2.exe
- cm#.##wnloadit.cc/OCMainPack.exe
- da##.##-software.com/country.asp?st##########################################################
- in####ler.zugo.com/getcountry
- da##.##-software.com/country.asp?st###########################################################
- 13##x.org/download/253899/
- DNS ASK 13##x.org
- DNS ASK cm#.##wnloadit.cc
- DNS ASK da##.##-software.com
- DNS ASK in####ler.zugo.com
- '<IP address on the local network>':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '#32770' WindowName: ''