Техническая информация
- '<SYSTEM32>\rundll32.exe' dfdts.dll,DfdGetDefaultPolicyAndSMART
- '<SYSTEM32>\cmd.exe' /c cleen.bat
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: '(null)'
- ClassName: 'RegMonClass' WindowName: '(null)'
- ClassName: 'FileMonClass' WindowName: '(null)'
- %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\300.bmp
- <Текущая директория>\cleen.bat
- %APPDATA%\Roaming\300.bmp
- %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\<Имя вируса>.exe
- %TEMP%\WRPE6F4.tmp
- 'da###eider.com':80
- da###eider.com/jkmytgcdjyhtgdnyhtgdn/script.php
- DNS ASK da###eider.com