Техническая информация
Автозапуск (ярлык в папке автозагрузки пользователя):
- %HOMEPATH%\Start Menu\Programs\Startup\Anti Virus Option.LNK
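Запускаемые процессы (sysninit.ocx загружается из %APPDATA% через rundll32 с экспортами ChildStart и PDFShow):
- '<SYSTEM32>\ntvdm.exe' -f -i1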
- '<SYSTEM32>\rundll32.exe' "%APPDATA%\sysninit.ocx" ChildStart
- '<SYSTEM32>\rundll32.exe' "%APPDATA%\sysninit.ocx" PDFShow
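Файловые операции (подзаголовки, по-видимому, утрачены при извлечении текста, поэтому одни и те же пути повторяются; тип операции для каждого пути по этому списку определить нельзя):
- %WINDIR%\Temp\scs2.tmp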
- %WINDIR%\Temp\scs1.tmp
- %HOMEPATH%\Cookies\Q1JOSkVVRlVfVVJOWFlNQVYA_time
- %HOMEPATH%\Cookies\Q1JOSkVVRlVfVVJOWFlNQVYA_ini
- %HOMEPATH%\Cookies\Q1JOSkVVRlVfVVJOWFlNQVYA_boot
- %APPDATA%\tempname.txt
- %APPDATA%\sysninit.ocx
- %APPDATA%\Microsoft\SystemCertificates\My\jqtbinwi.dll
- <Полный путь к вирусу>
- %APPDATA%\Microsoft\SystemCertificates\My\jqtbinwi.exe
- %APPDATA%\Microsoft\SystemCertificates\My\jqtbinwi.exe
- %APPDATA%\Microsoft\SystemCertificates\My\jqtbinwi.dll
- %APPDATA%\sysninit.ocx
- %WINDIR%\Temp\scs2.tmp
- %APPDATA%\tempname.txt
- %APPDATA%\sysninit.ocx
- %WINDIR%\Temp\scs1.tmp
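Сетевые соединения (хост:порт; имена доменов частично скрыты символами # и для точного сопоставления не годятся):
- 'ma##.india.com':80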
- 'www.un####.yupage.com':80
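Запрашиваемые URL (токен Q1JOSkVVRlVfVVJOWFlNQVYA совпадает с именами файлов в %HOMEPATH%\Cookies; он похож на Base64 и, вероятно, зависит от заражённой системы, поэтому искать его лучше по шаблону, а не по точному значению):
- www.un####.yupage.com/test2/Q1JOSkVVRlVfVVJOWFlNQVYA_ini_done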
- ma##.india.com/login
- www.un####.yupage.com/test2/serverok.html
DNS-запросы:
- DNS ASK ma##.india.com
- DNS ASK www.un####.yupage.com
Окно (имя класса и заголовок):
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b94.b98.380001'