Техническая информация
- '%WINDIR%\KKl2.exe'
- '%WINDIR%\KKl3.exe'
- '%WINDIR%\KKl4.exe'
- '%WINDIR%\KKl5.exe'
- '%WINDIR%\KKl1.exe'
- '%WINDIR%\KKl3.exe' (загружен из сети Интернет)
- '%WINDIR%\KKl4.exe' (загружен из сети Интернет)
- '%WINDIR%\KKl1.exe' (загружен из сети Интернет)
- '%WINDIR%\KKl2.exe' (загружен из сети Интернет)
- '%WINDIR%\KKl5.exe' (загружен из сети Интернет)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\KKl3[1].jpg
- %WINDIR%\KKl2.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\KKl2[1].jpg
- %WINDIR%\KKl4.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\KKl4[1].jpg
- %WINDIR%\KKl3.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\KKl5[1].jpg
- %WINDIR%\chi.pps
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\chi[1].jpg
- %WINDIR%\KKl1.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\KKl1[1].jpg
- %WINDIR%\KKl5.exe
- 'up###dway.com':80
- 'www.sn###rive.net':80
- 'localhost':1035
- up###dway.com/files/1954/KKl2.jpg
- up###dway.com/files/1957/KKl3.jpg
- up###dway.com/files/1958/KKl4.jpg
- www.sn###rive.net/files/545916/chi.jpg
- up###dway.com/files/1820/KKl5.jpg
- up###dway.com/files/1953/KKl1.jpg
- DNS ASK up###dway.com
- DNS ASK www.sn###rive.net
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '(null)' WindowName: '<Имя вируса>'