Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'PHIME2010S' = '%APPDATA%\Common Files\ctftry.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\ctftry.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\yahooo.htm
- %APPDATA%\Common Files\Plugins\index.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1].html
- %APPDATA%\Common Files\ctftry.exe
- %APPDATA%\Microsoft\Plugins\ntuser.n1s
- %APPDATA%\Common Files\Plugins\index.txt
- %APPDATA%\Microsoft\Plugins\ntuser.n1s
- %APPDATA%\Common Files\Plugins\index.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\yahooo.htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1].html
- '21#.#75.52.249':80
- 'www.ya##o.co.jp':80
- '10.#6.1.21':25
- 21#.#75.52.249/_thu_vi/index.html
- www.ya##o.co.jp/index.html
- DNS ASK www.ya##o.co.jp
- '<IP-адрес в локальной сети>':1038