| | Infection | Listen | Egg-download | Upload |
|---|
| 445 (97%) | 80 (94%) | 1032 (71%)
1031 (26%) | 80 (89%) |
|
| | Processes | Executables |
|---|
| MSMSGS.EXE (98%) | ndisrd.sys (99%)
DCPROMO.LOG (98%)
index.dat (98%)
random 6/7/8
character filename |
|
| ...InternetSettings\Zones (97%)
...Zones\0 (97%)
...Zones\1 (97%)
...Zones\2 (97%)
...Zones\3 (97%)
...Zones\4 (97%)full list |
|
| 1:5001684 (100%)
1:2001683 (99%)
1:2000032 (97%)
1:2466 (97%)
1:2000033 (97%)
1:3000000 (97%)full list |
|
| | FTP |
|---|
user=1 (75%)
pass=1 (50%) |
|
| | MD5 | Antivirus labels | Domain |
|---|
a12cab... (67%)
df17a6... (16%)full list | padobot (100%)
berbew (99%)
berkor (99%)
doxpar (99%)
korgo (95%)
padodor (74%)full list | 53bank.com (100%)
acrolein-hawk.rubanking.h... (100%)
alfabank.ru (100%)
asmworm.com (100%)
atmacasoft.com (100%)
barclays.com (100%)full list |
|