Техническая информация
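- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ctfmon' = '<SYSTEM32>\ ctfmon.exe' (пробел перед именем файла, по-видимому, входит в само имя: запись повторяется ниже в том же виде и отличает этот файл от штатного ctfmon.exe)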
- [<HKLM>\SYSTEM\ControlSet001\Services\ClHelp] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- <SYSTEM32>\tree.com c: /A /F
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\ml[1].txt
- %TEMP%\ml.acn
- <SYSTEM32>\tree.txt
- <SYSTEM32>\ctfver.acn
- %TEMP%\aut1.tmp
- %TEMP%\oenozqj
- <SYSTEM32>\ ctfmon.exe
- %TEMP%\oenozqj
- %TEMP%\aut1.tmp
- 'li######thue007.webs.com':80
- li######thue007.webs.com/ml.txt
- DNS ASK li######thue007.webs.com
- DNS ASK www.google.com
- '<IP-адрес в локальной сети>':1034
- ClassName: 'Indicator' WindowName: ''