Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ctfmons.exe' = '%ALLUSERSPROFILE%\BHR\ctfmons.exe'
- %ALLUSERSPROFILE%\BHR\ctfmons.exe (downloaded from the Internet)
- %ALLUSERSPROFILE%\BHR\File Name .exe (downloaded from the Internet)
- <SYSTEM32>\regsvr32.exe /s %ALLUSERSPROFILE%\BHR\MSWinSck.ocx
- %ALLUSERSPROFILE%\BHR\MSWinSck.ocx
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\fy[1].exe
- %ALLUSERSPROFILE%\BHR\ctfmons.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\ui[1].dll
- %ALLUSERSPROFILE%\BHR\ctfmons.exe.sk
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\YMSG%20Auto%20Response%20(www.Clickkon.com)[1].exe
- %ALLUSERSPROFILE%\BHR\File Name .exe
- 'www.no##ain.com':80
- 'vg###.#ersiangig.com':80
- 'localhost':1034
- www.no##ain.com/fy.exe
- www.no##ain.com/ui.dll
- vg###.#ersiangig.com/Vgold/YMSG%20Auto%20Response%20(www.Clickkon.com).exe
- DNS ASK www.no##ain.com
- DNS ASK vg###.#ersiangig.com
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''