Technical information
- <SYSTEM32>\msiexec.exe /Y "%APPDATA%\DllDropper.dll"
- <SYSTEM32>\msiexec.exe /V
- %TEMP%\kZ2wu2QP.sys
- %APPDATA%\DllDropper.dll
- %WINDIR%\Temp\KZDWUvqpBSLImje.exe
- %TEMP%\MSI269ad.LOG
- %WINDIR%\Installer\225be.msi
- %TEMP%\xednvixy.msi
- C:\Config.Msi\225c1.rbs
- %WINDIR%\Installer\MSI1.tmp
- %WINDIR%\Installer\225be.msi
- %TEMP%\xednvixy.msi
- C:\Config.Msi\225c1.rbs
- %WINDIR%\Installer\MSI1.tmp
- %APPDATA%\DllDropper.dll
- from <Full path to the virus> to %TEMP%\kZ9wu3QPv1KPmNA3
- 'ge###e-2011.com':80
- ge###e-2011.com/cgi-bin/ware.cgi?ad##########
- ge###e-2011.com/loads.php?co#####
- DNS ASK ge###e-2011.com