Техническая информация
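- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = '%WINDIR%\CTFMOM.EXE' (ключ автозапуска при входе в систему; имя параметра на странице пустое; имя файла отличается одной буквой от системного ctfmon.exe, который штатно находится в <SYSTEM32>, а не в %WINDIR%)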
- %WINDIR%\ctfmom.exe <Полный путь к вирусу>
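- <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %WINDIR%\Chrysanthemum.jpg (штатное средство просмотра изображений Windows открывает Chrysanthemum.jpg; по-видимому, изображение показывается пользователю для отвлечения внимания)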
- <Текущая директория>\<Имя вируса>.jpg
- %WINDIR%\hit32.dll
- %HOMEPATH%\Recent\WINDOWS.lnk
- %HOMEPATH%\Recent\Chrysanthemum.lnk
- %WINDIR%\command.dll
- %WINDIR%\ctfmom.exe
- %WINDIR%\RCX1.tmp
- %WINDIR%\Chrysanthemum.jpg
- %WINDIR%\command.dll
- %WINDIR%\ctfmom.exe
- %WINDIR%\Chrysanthemum.jpg
- %WINDIR%\ctfmom.exe
- 'is####.no-ip.com.br':2017
- 'is####.no-ip.com.br':2016
- 'is####.no-ip.com.br':2015
- 'is####.no-ip.com.br':2020
- 'is####.no-ip.com.br':2019
- 'is####.no-ip.com.br':2018
- 'is####.no-ip.com.br':2011
- 'is####.no-ip.com.br':2010
- 'is####.no-ip.com.br':2009
- 'is####.no-ip.com.br':2014
- 'is####.no-ip.com.br':2013
- 'is####.no-ip.com.br':2012
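- DNS ASK is####.no-ip.com.br (DNS-запрос; символы #### — часть имени хоста, скрытая в источнике, поэтому точное совпадение по этому имени невозможно; все перечисленные выше соединения идут на тот же хост, порты 2009–2020)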
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''