Техническая информация
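- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ctfmonn' = '<Полный путь к вирусу>' (параметр в ключе автозапуска Run: указанный файл запускается при каждом входе пользователя в систему; имя параметра отличается от системного ctfmon одной буквой)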
- <SYSTEM32>\LalQQs.exe <SYSTEM32>\LdGvJc8.exe http://x4.#comn.cn/dw/down8.exe
- <SYSTEM32>\iAogJI.exe <SYSTEM32>\mbLSxs8.exe http://x6.#comn.cn/dw/down8.exe
- <SYSTEM32>\ping.exe -n 5 127.0.0.1 (пять эхо-запросов на локальный адрес; вероятно, используется как пауза перед следующей командой)
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\DelTD.bat
- <SYSTEM32>\LalQQs.exe.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\down8[1].exe
- <SYSTEM32>\LdGvJc8.exe
- <SYSTEM32>\DelTD.bat
- <SYSTEM32>\iAogJI.exe.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\down8[1].exe
- <SYSTEM32>\mbLSxs8.exe
- <SYSTEM32>\LdGvJc8.exe
- <SYSTEM32>\LalQQs.exe
- <SYSTEM32>\mbLSxs8.exe
- <SYSTEM32>\iAogJI.exe
- 'localhost':1038
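- 'x4.#comn.cn':80 (символ «#» в именах доменов здесь и далее, по-видимому, вставлен источником, чтобы адрес не был рабочей ссылкой)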
- 'localhost':1035
- 'x6.#comn.cn':80
- x4.#comn.cn/dw/down8.exe
- x6.#comn.cn/dw/down8.exe
- DNS ASK x4.#comn.cn
- DNS ASK x6.#comn.cn