Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ctfmen' = '<SYSTEM32>\ctfmen.exe'
- <SYSTEM32>\smnss.exe
- <SYSTEM32>\ctfmen.exe
- <SYSTEM32>\satornas.dll
- <SYSTEM32>\zipfi.dll
- <SYSTEM32>\zipfiaq.dll
- <SYSTEM32>\smnss.exe
- <SYSTEM32>\ctfmen.exe
- <SYSTEM32>\shervans.dll
- <SYSTEM32>\grcopy.dll
- <SYSTEM32>\satornas.dll
- 'ma##.rarreg.com':25
- 'ma##.ols.es':25
- 'ma##.#armanager.com':25
- 'sp###hrwrn.biz':80
- 'ma##.ukrnet.net':25
- sp###hrwrn.biz/imgs/krewa/nqxa.php?id############################################
- DNS ASK tu.#pb.ru
- DNS ASK ma#l.ru
- DNS ASK ho##ox.ru
- DNS ASK fr#####nloadmanager.org
- DNS ASK i-###nect.ru
- DNS ASK ma##2000.ru
- DNS ASK oa###.cctpu.edu.ru
- DNS ASK 19#.#26.246.49
- DNS ASK ur#n.ru
- DNS ASK 19#.#26.246.33
- DNS ASK is###bler.net
- DNS ASK gm##l.com
- DNS ASK Fr##BSD.org
- DNS ASK uo###.mif.vu.lt
- DNS ASK ci##.umich.edu
- DNS ASK in######downloadmanager.com
- DNS ASK fi####x.mozilla.org
- DNS ASK ch####opher.beard
- DNS ASK ya###-inc.com
- DNS ASK Sh####rReports.com
- DNS ASK rs#######e.kiev.ua.localdomain
- DNS ASK ol#.es
- DNS ASK ma##.ukrnet.net
- DNS ASK ma##.rarreg.com
- DNS ASK ma##.#armanager.com
- DNS ASK rs####aine.kiev.ua
- DNS ASK sp###hrwrn.biz
- DNS ASK uk##et.net
- DNS ASK ra##eg.com
- DNS ASK fa###nager.com
- DNS ASK sk##ski.pl
- DNS ASK ma##.#####raine.kiev.ua.localdomain
- DNS ASK pr#.ro
- DNS ASK bi##oot.com
- DNS ASK qa##.com
- DNS ASK mb##.vol.cz
- DNS ASK ma##.ols.es
- DNS ASK ra#.cz
- DNS ASK ke##o.com
- DNS ASK ji##z.cz