Техническая информация
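- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ctfmon' = '%WINDIR%\ctfmon.exe' (запись автозапуска при входе пользователя в систему; штатный ctfmon.exe Windows находится в <SYSTEM32>, поэтому одноимённый файл в %WINDIR% следует рассматривать как маскировку под системный файл)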
- '<SYSTEM32>\ntvdm.exe' -f -i1
- '%WINDIR%\ctfmon.exe'
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\dllhostxp.exe
- %WINDIR%\ctfmon.exe
- %WINDIR%\mastorscorps.cfg
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- 'xi######imupt.brasilia.me':4320
- 'ca########ientesadsas.web.br.com':80
- http://ca########ientesadsas.web.br.com/boots.exe
- DNS ASK xi######imupt.brasilia.me
- DNS ASK www.go###e.com.br
- DNS ASK ca########ientesadsas.web.br.com
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b2c.b30.380001'
- ClassName: 'Indicator' WindowName: ''