Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winword016' = '%TEMP%\winword016.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winword016' = '%APPDATA%\winword016.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Service] 'ImagePath' = '<SYSTEM32>\service.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Service] 'Start' = '00000002'
- '<SYSTEM32>\service.exe'
- <SYSTEM32>\service.exe
- %TEMP%\winword016.exe
- %APPDATA%\winword016.exe
- <SYSTEM32>\service.exe
- %APPDATA%\winword016.exe
- '89.#5.67.97':443
- '5.##.218.11':443