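Техническая информация (подзаголовки разделов не сохранились: ниже подряд перечислены командные строки и процессы, пути к файлам, DNS-запрос и параметры окна)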
- %TEMP%\tr1351039796.exe
- <SYSTEM32>\ntvdm.exe -f -i1
- <SYSTEM32>\cmd.exe /c "%APPDATA%\setup126000.ini.bat"
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\svchost.exe
- %CommonProgramFiles%\wsm_32\Temp.dll
- %WINDIR%\xxsst.dll
- %CommonProgramFiles%\wsm_32\msupdate.dll
- %CommonProgramFiles%\wsm_32\~A003.tmp
- %WINDIR%\Temp\scs2.tmp
- %CommonProgramFiles%\wsm_32\data\IpAddress.txt
- %CommonProgramFiles%\wsm_32\install.dll
- %WINDIR%\Temp\scs1.tmp
- %CommonProgramFiles%\wsm_32\msupdate.tmp
- %APPDATA%\setup126000.ini.bat
- %CommonProgramFiles%\drivercashe\intelnat.tmp
- %TEMP%\tr1351039796.exe
- <Текущая директория>\<Имя вируса>1.exe
- %CommonProgramFiles%\drivercashe\20101019.ini
- %CommonProgramFiles%\drivercashe\mswsocket.dll
- %CommonProgramFiles%\drivercashe\intelnat.sys
- %CommonProgramFiles%\drivercashe\mswsocket.tmp
- %TEMP%\tr1351039796.exe
- %CommonProgramFiles%\wsm_32\Temp.dll
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- %CommonProgramFiles%\drivercashe\mswsocket.tmp
- %CommonProgramFiles%\drivercashe\intelnat.tmp
- %CommonProgramFiles%\wsm_32\~A003.tmp
- %CommonProgramFiles%\wsm_32\msupdate.tmp
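- %WINDIR%\xxsst.dll в %WINDIR%\fxsst.dll (примечание: штатная fxsst.dll находится в <SYSTEM32>; одноимённый файл в %WINDIR% — известный признак подмены DLL по порядку поиска, его наличие стоит проверять при расследовании)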
- DNS ASK (DNS-запрос) hu#####ight.gicp.net — часть имени домена скрыта символами #
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-9c8.9cc.390002'