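Техническая информация
Примечание: <SYSTEM32> и <Имя вируса> в путях — заполнители, а символы # в доменных именах, по-видимому, скрывают часть адреса, поэтому искать такие строки по точному совпадению нельзя. Имя подкаталога в Content.IE5 (KHMHGZ4F) на разных системах различается. Подзаголовки у списков файлов в этом фрагменте отсутствуют: первый и второй списки во многом повторяют друг друга, и по самому тексту нельзя определить, какую операцию (создание, удаление, изменение атрибутов) описывает каждый из них.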
- '<SYSTEM32>\HBidQv\<Имя вируса>.exe'
- %CommonProgramFiles%\junction\sysxml.dat
- %CommonProgramFiles%\umbrella\sysxml.dat
- %CommonProgramFiles%\ordinary\sysxml.dat
- %CommonProgramFiles%\valid\sysxml.dat
- %CommonProgramFiles%\knot\sysxml.dat
- %CommonProgramFiles%\tip\sysxml.dat
- %CommonProgramFiles%\industry\sysxml.dat
- %TEMP%\aut2.tmp
- <SYSTEM32>\HBidQv\<Имя вируса>.exe
- %TEMP%\aut1.tmp
- <SYSTEM32>\HBidQv\unqogyo.dll
- %CommonProgramFiles%\band\sysxml.dat
- %CommonProgramFiles%\spot\sysxml.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\18[1].xml
- %CommonProgramFiles%\industry\sysxml.dat
- %CommonProgramFiles%\valid\sysxml.dat
- %CommonProgramFiles%\knot\sysxml.dat
- %CommonProgramFiles%\tip\sysxml.dat
- %CommonProgramFiles%\junction\sysxml.dat
- %CommonProgramFiles%\band\sysxml.dat
- %CommonProgramFiles%\spot\sysxml.dat
- %CommonProgramFiles%\umbrella\sysxml.dat
- %CommonProgramFiles%\ordinary\sysxml.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\18[1].xml
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
Сетевые соединения (узел и порт):
- 'da##.#8taojin.com':80
- 'da##.#2taojin.com':80
- 'localhost':1037
- 'da##.mikaow.com':80
Запрашиваемые URL:
- da##.#2taojin.com/api/18.xml
- da##.#8taojin.com/api/18.xml
- da##.mikaow.com/api/18.xml
DNS-запросы:
- DNS ASK da##.#2taojin.com
- DNS ASK da##.#8taojin.com
- DNS ASK da##.mikaow.com