Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'bWtfjpdgUo' = 'cmd /c del <SYSTEM32>\XJPoTdMnKl.exe'
- <SYSTEM32>\cmd.exe
- <Full path to the virus>
- '<SYSTEM32>\XJPoTdMnKl.exe' (downloaded from the Internet)
- '<SYSTEM32>\XJPoTdMnKl.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\create[1].php
- <SYSTEM32>\dllcache\cmd.exe.new
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\test[1].exe
- <SYSTEM32>\XJPoTdMnKl.exe
- <SYSTEM32>\cmd.exe to <SYSTEM32>\_cmd.exe
- <SYSTEM32>\cmd.exe
- from <SYSTEM32>\cmd.exe to <SYSTEM32>\HiSEHWs.exe
- 'localhost':80
- 'localhost':1037
- http://12#.0.0.1/other/create.php via localhost
- http://12#.0.0.1/other/test.exe via localhost
- ClassName: 'Progman' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'MozillaUIWindowClass' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'OpWindow' WindowName: ''