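Техническая информация
(Подзаголовки разделов в этом фрагменте не сохранились. По виду записей список, по-видимому, состоит из следующих групп: запускаемые процессы с командными строками; пути к файлам в файловой системе, часть которых повторяется; сетевые адреса с портами, HTTP-адреса и DNS-запросы; записи об окнах в формате ClassName/WindowName. Символы «#» в именах доменов и в параметрах запроса — по-видимому, маскировка в самом отчёте, поэтому эти значения неполны и не могут использоваться как точные индикаторы.)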
- 'C:\temp\tmp\ksd18.exe'
- '%PROGRAM_FILES%\vest21_v145\vest21_v145.exe' ksd18.exe^c:\temp\tmp
- 'C:\temp\tmp\load.exe'
- '%TEMP%\1.tmp\b2e.exe' %TEMP%\1.tmp\b2e.exe c:\temp\tmp "c:\temp\tmp\load.exe"
- '%PROGRAM_FILES%\vest21_v145\vest21_v145.exe' (загружен из сети Интернет)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\selfdel0.bat" "
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\MSINET.OCX"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\2.tmp\batfile.bat" "
- <SYSTEM32>\MSINET.OCX
- <SYSTEM32>\INETKO.DLL
- <SYSTEM32>\VB6KO.DLL
- %TEMP%\selfdel0.bat
- %PROGRAM_FILES%\vest21_v145\vest21_v145.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\vest21_v145_ks18_1[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\exelistall[1].asp
- C:\temp\tmp\load.exe
- C:\temp\tmp\ksd18.exe
- C:\temp\tmp\VB6KO.DLL
- C:\temp\tmp\INETKO.DLL
- %TEMP%\2.tmp\batfile.bat
- %TEMP%\1.tmp\b2e.exe
- C:\temp\tmp\MSINET.OCX
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\exelistall[1].asp
- %TEMP%\1.tmp\b2e.exe
- %TEMP%\2.tmp\batfile.bat
- 'www.sa###1.pe.kr':80
- 'www.ve###1.pe.kr':80
- 'localhost':1037
- www.sa###1.pe.kr/down/m/ver145/vest21_v145_ks18_1.exe
- www.ve###1.pe.kr/act/exelistall.asp?un########
- DNS ASK www.sa###1.pe.kr
- DNS ASK www.ve###1.pe.kr
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''