Technical information
- <SYSTEM32>\msiexec.exe /Y "%APPDATA%\DllDropper.dll"
- <SYSTEM32>\msiexec.exe /V
- %TEMP%\kZ2wu2QP.sys
- %APPDATA%\DllDropper.dll
- %WINDIR%\Temp\KZDWUvqpXVmfDZy.exe
- %TEMP%\MSI28747.LOG
- %WINDIR%\Installer\22cf2.msi
- %TEMP%\mgnxeorn.msi
- C:\Config.Msi\22cf5.rbs
- %WINDIR%\Installer\MSI1.tmp
- %WINDIR%\Installer\22cf2.msi
- %TEMP%\mgnxeorn.msi
- C:\Config.Msi\22cf5.rbs
- %WINDIR%\Installer\MSI1.tmp
- %APPDATA%\DllDropper.dll
- from <Full path to the virus> to %TEMP%\kZ9wu3QPdt5sH8qx
- 'ge###e-2011.com':80
- ge###e-2011.com/cgi-bin/ware.cgi?ad##########
- ge###e-2011.com/loads.php?co#####
- DNS ASK ge###e-2011.com