Техническая информация
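- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\ctfmon.exe (папка автозагрузки, общая для всех пользователей; штатный ctfmon.exe Windows находится в <SYSTEM32>, поэтому файл с таким именем в этой папке следует считать подозрительным)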
- [<HKLM>\SYSTEM\ControlSet001\Services\Nwsapagent] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\ctfmon.exe
- <SYSTEM32>\rundll32.exe <SYSTEM32>\nwagentsvct.dll NwQueryStatus <Полный путь к вирусу>
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\0Gre1Wdd5GqCAAAAYs8H49qxLTfFXCegWFEfUSjYWc6A[1].bmp
- %TEMP%\LkHx.tmp
- <SYSTEM32>\nwagentsvct.dll
- <SYSTEM32>\msvatsd.dll
- %TEMP%\LkHx.tmp
- '67.##.171.124':80 (часть IP-адреса скрыта символами ##)
- 'localhost':1036
- 67.##.171.124/pic/0Gre1Wdd5GqCAAAAYs8H49qxLTfFXCegWFEfUSjYWc6A.bmp