Техническая информация
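- [<HKLM>\SOFTWARE\Microsoft\Internet Explorer\Extensions\{01BF62C1-A9C4-44D5-B8C0-05B52C909D56}] 'ClsidExtension' = '{01BF62C1-A9C4-44D5-B8C0-05B52C909D56}' (в этой ветке реестра регистрируются расширения Internet Explorer — кнопки панели инструментов и пункты меню; параметр ClsidExtension задаёт CLSID COM-объекта расширения)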
- %WINDIR%\sleep.exe 5
- <SYSTEM32>\cmd.exe /c ""<Текущая директория>\<Имя вируса>.bat" "
- <SYSTEM32>\regsvr32.exe /s "%PROGRAM_FILES%\CodiGrils\CodiGirlsTBtn.dll" (регистрация COM-библиотеки; ключ /s подавляет диалоговые окна regsvr32)
- %PROGRAM_FILES%\CodiGrils\codigirls.ico
- %PROGRAM_FILES%\CodiGrils\CodiGirlsTBtn.dll
- <Текущая директория>\<Имя вируса>.bat
- %PROGRAM_FILES%\CodiGrils\uninst.exe
- %ALLUSERSPROFILE%\Desktop\여성의류쇼핑몰 순위사이트.lnk
- %WINDIR%\cgico.ico
- %HOMEPATH%\Favorites\여성의류 쇼핑몰순위-코디걸스.url
- %ALLUSERSPROFILE%\Favorites\여성의류 쇼핑몰순위-코디걸스.url
- %WINDIR%\cgico.ico
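- 'www.ev###joa.co.kr':80 (символы «#» в именах хостов, по-видимому, маскируют часть адреса в источнике, поэтому домены здесь и ниже приведены не полностью)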
- 'www.f-#.co.kr':80
- www.ev###joa.co.kr/jcount/setuplog1.php
- www.f-#.co.kr/log.php
- DNS ASK www.ev###joa.co.kr
- DNS ASK www.f-#.co.kr