Техническая информация
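- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Java' = '<Полный путь к вирусу>' (запись автозапуска: указанный файл запускается при каждом входе этого пользователя в систему; имя параметра 'Java' маскируется под легитимное ПО)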
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\ieupdat[1].exe (загружен из сети Интернет)
- <SYSTEM32>\msiexec.exe /V
- <SYSTEM32>\msiexec.exe /i "%TEMP%\python27.msi" /qn /quiet
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\ieupdat[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\python27[1].msi
- %TEMP%\python27.msi
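- %APPDATA%\Microsoft\Protect\S-1-5-21-1275210071-117609710-1801674531-500\fecde808-efd6-49f9-9e9c-5f2d5a486cb3
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-1275210071-117609710-1801674531-500\a18ca4003deb042bbee7a40f15e1970b_ffcb838e-6d3b-4e44-a259-8ac8f5c94c4f
  (оба пути — стандартные хранилища Windows: мастер-ключ DPAPI и контейнер ключей RSA; SID учётной записи и идентификаторы в именах относятся к системе, на которой проводился анализ, и на другой машине будут иными, поэтому полные пути не годятся как переносимые индикаторы компрометации)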
- %TEMP%\msdump150auro.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\python27[1].msi
- 'su##e.info':80
- 'as#####arty.fileave.com':80
- 'localhost':1037
- su##e.info/python27.msi
- su##e.info/ipcheck.php?ac##########
- as#####arty.fileave.com/ieupdat.exe
- DNS ASK su##e.info
- DNS ASK as#####arty.fileave.com
- ClassName: 'Indicator' WindowName: ''