Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'cftmon' = '%APPDATA%\cftmon.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\cip[1].php
- %HOMEPATH%\debug1214.ip
- %HOMEPATH%\debug1214.sv
- %APPDATA%\cftmon.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\info[1].php
- 'ib##n.com':80
- ib##n.com/glgxc/cip.php
- ib##n.com/glgxc/info.php
- DNS ASK ib##n.com