Техническая информация
- '%TEMP%\installer_ctrl.exe' "-g" "-r" "%TEMP%\hdm_offers" "-n <Полный путь к вирусу>"
- '%TEMP%\installer_ctrl.exe' (загружен из сети Интернет)
- %TEMP%\nsh2.tmp\nsArray.dll
- %TEMP%\nsh2.tmp\System.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\download[1].php
- %TEMP%\nsh2.tmp\InstallOptions.dll
- %TEMP%\Launcher.exe
- %TEMP%\nsh2.tmp\modern-wizard.bmp
- %TEMP%\nsh2.tmp\ioSpecial.ini
- %TEMP%\nsh2.tmp\inetc.dll
- %TEMP%\installer_ctrl.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\installer_ctrl[1].exe
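- 'www.le####gdownload.com':80 (здесь и ниже в именах узлов и URL символы «#» — маска, скрывающая часть адреса; для точного сопоставления эти строки непригодны)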
- 'hd###iaweb.net':80
- www.le####gdownload.com/download.php?ve#######################################
- hd###iaweb.net/dl/installer_ctrl.exe
- DNS ASK www.le####gdownload.com
- DNS ASK hd###iaweb.net
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '#32770' WindowName: '(null)' (здесь «#» — часть имени класса: #32770 — стандартный класс диалоговых окон Windows, а не маска)