Техническая информация
- [<HKLM>\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] '' = '"<LS_APPDATA>\cjk.exe" -a "%PROGRAM_FILES%\Internet Explorer\iexplore.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '2019758049' = '<LS_APPDATA>\cjk.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ctfmon.exe' = '<SYSTEM32>\ctfmon.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DisableNotifications' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- Центр обеспечения безопасности (Security Center)
- <LS_APPDATA>\cjk.exe -gav <Полный путь к вирусу>
- chrome.exe
- opera.exe
- iexplore.exe
- firefox.exe
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 'Icon' = 'inetcpl.cpl#001313'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 'Description' = 'This zone contains all Web sites you haven't placed in other zones'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 'RecommendedLevel' = '00011000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 'MinLevel' = '00011000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 'DisplayName' = 'Internet'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 'Flags' = '00000047'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 'RecommendedLevel' = '00010000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '' = ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1805' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] 'MinLevel' = '00012000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] 'Icon' = 'inetcpl.cpl#00004481'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] 'Flags' = '00000003'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] 'RecommendedLevel' = '00012000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] 'Description' = 'This zone contains Web sites that could potentially damage your computer or data.'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1805' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 'Flags' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] 'DisplayName' = 'Restricted sites'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '' = ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 'MinLevel' = '00010000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] '1805' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] 'Flags' = '00000021'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] 'DisplayName' = 'Local intranet'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '' = ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] 'CurrentLevel' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] 'DisplayName' = 'My Computer'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] '' = ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] 'Icon' = 'explorer.exe#0100'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] 'Description' = 'Your computer'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 'DisplayName' = 'Trusted sites'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '' = ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 'Icon' = 'inetcpl.cpl#00004480'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 'Description' = 'This zone contains Web sites that you trust not to damage your computer or data.'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1805' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] 'Icon' = 'shell32.dll#0018'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] 'Description' = 'This zone contains all Web sites that are on your organization's intranet.'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] 'RecommendedLevel' = '00010500'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] 'MinLevel' = '00010000'
- %TEMP%\RGI2.tmp
- %TEMP%\RGI1.tmp
- %TEMP%\RGI4.tmp
- %TEMP%\RGI3.tmp
- %HOMEPATH%\Templates\6ep306014158kqoofsqr0t5
- <LS_APPDATA>\6ep306014158kqoofsqr0t5
- <LS_APPDATA>\cjk.exe
- %TEMP%\6ep306014158kqoofsqr0t5
- %ALLUSERSPROFILE%\Application Data\6ep306014158kqoofsqr0t5
- %TEMP%\RGI3.tmp
- %TEMP%\RGI4.tmp
- %TEMP%\RGI1.tmp
- %TEMP%\RGI2.tmp
- 'qo####xiwidaz.com':80
- 'dy####cojame.com':80
- 'le###alyri.com':80
- 'wy####kodovi.com':80
- 'go###udesu.com':80
- 'bo####qexise.com':80
- 'da####kidepo.com':80
- 've###asibi.com':80
- 'xo###ehyni.com':80
- 'xe###ider.com':80
- 'so###yjek.com':80
- 'le###esax.com':80
- 'xe###agyxut.com':80
- 'he####kejepuvo.com':80
- 'ku###yfybex.com':80
- 'ti###iwof.com':80
- 'gi###ylite.com':80
- 'za###eduhyb.com':80
- 'di###onido.com':80
- 'ho###ozupuf.com':80
- 'ni###uqyn.com':80
- 'fi###eqipif.com':80
- 'jo####tuhowa.com':80
- 'my####nybihy.com':80
- 'du####bimude.com':80
- 'ja####kuxilufo.com':80
- 'jo###umehyn.com':80
- 'wu####dejypo.com':80
- 'fi###axavys.com':80
- 'jo###ijito.com':80
- DNS ASK le###alyri.com
- DNS ASK dy####cojame.com
- DNS ASK xe###agyxut.com
- DNS ASK ve###asibi.com
- DNS ASK da####kidepo.com
- DNS ASK bo####qexise.com
- DNS ASK qo####xiwidaz.com
- DNS ASK wy####kodovi.com
- DNS ASK so###yjek.com
- DNS ASK xe###ider.com
- DNS ASK de###ymykir.com
- DNS ASK ky####safamy.com
- DNS ASK ku###yfybex.com
- DNS ASK he####kejepuvo.com
- DNS ASK xo###ehyni.com
- DNS ASK le###esax.com
- DNS ASK gi###ylite.com
- DNS ASK di###onido.com
- DNS ASK jo####tuhowa.com
- DNS ASK za###eduhyb.com
- DNS ASK ni###uqyn.com
- DNS ASK ho###ozupuf.com
- DNS ASK ti###iwof.com
- DNS ASK fi###eqipif.com
- DNS ASK du####bimude.com
- DNS ASK my####nybihy.com
- DNS ASK go###udesu.com
- DNS ASK ja####kuxilufo.com
- DNS ASK fi###axavys.com
- DNS ASK wu####dejypo.com
- DNS ASK jo###umehyn.com
- DNS ASK jo###ijito.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'msascui_class' WindowName: ''
- ClassName: 'Indicator' WindowName: ''