Technical information
- %TEMP%\is-K5PBK.tmp\goqiinstall3.exe
- %TEMP%\is-K5PBK.tmp\goqiinstall2.exe
- %TEMP%\is-0L2QK.tmp\<Virus name>.tmp /SL5="$30092,147140,141824,<Full path to the virus>"
- %TEMP%\is-K5PBK.tmp\goqiinstall3.exe (downloaded from the Internet)
- %TEMP%\is-K5PBK.tmp\goqiinstall2.exe (downloaded from the Internet)
- %TEMP%\is-K5PBK.tmp\is-U4FNK.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gd_2[1]
- %PROGRAM_FILES%\KuGou7\KgDaemon.exe
- %TEMP%\is-K5PBK.tmp\is-LMEUJ.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\gd_3[1]
- %TEMP%\is-K5PBK.tmp\goqiinstall3.exe
- %TEMP%\is-K5PBK.tmp\goqiinstall2.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\tongji[1].asp
- %PROGRAM_FILES%\Baofeng\StormPlayer\stormpop.exe
- %TEMP%\is-K5PBK.tmp\fsostd.dll
- %TEMP%\is-K5PBK.tmp\360sefav.db
- %TEMP%\is-0L2QK.tmp\<Virus name>.tmp
- %TEMP%\is-K5PBK.tmp\_isetup\_shfoldr.dll
- %PROGRAM_FILES%\PPStream\PPSAP.exe
- %PROGRAM_FILES%\Thunder Network\Thunder\Program\ThunderPlatform.exe
- %APPDATA%\360se\data\360sefav.db
- %PROGRAM_FILES%\QvodPlayer\QvodDaily.exe
- %TEMP%\is-K5PBK.tmp\360sefav.db
- 'www.10##.net':80
- 'www.go##.org':80
- 'localhost':1036
- www.go##.org/gd_3
- www.10##.net/tongji/tongji.asp?us#####################################################################
- www.go##.org/gd_2
- DNS ASK www.10##.net
- DNS ASK www.go##.org
- '<IP address on the local network>':1037
- ClassName: 'Shell_TrayWnd' WindowName: ''