Техническая информация
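- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINWORD.EXE] 'Debugger' = '<SYSTEM32>\Microsoft\ctfmon.exe' (параметр Debugger в Image File Execution Options заставляет Windows при каждом запуске WINWORD.EXE запускать вместо него указанный файл; штатный ctfmon.exe находится непосредственно в <SYSTEM32>, а не в подкаталоге Microsoft, поэтому такой путь сам по себе является признаком для проверки)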
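- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,<SYSTEM32>\nppagent.exe' (штатное значение Userinit содержит только userinit.exe; дописанный через запятую nppagent.exe запускается при каждом входе пользователя в систему, поэтому при очистке значение нужно вернуть к исходному, а не просто удалить файл)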
- скрытых файлов
- <SYSTEM32>\attrib.exe +s +h "<SYSTEM32>\Microsoft\ctfmon.exe"
- <SYSTEM32>\attrib.exe +s +h "%PROGRAM_FILES%\Internet Explorer\EXPLORE.EXE"
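- <SYSTEM32>\ping.exe 127.0.0.1 -n 2 (обращение к локальному адресу 127.0.0.1 не создаёт внешнего сетевого трафика; вероятно, используется как короткая пауза между командами)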
- <SYSTEM32>\attrib.exe +s +h "<SYSTEM32>\nppagent.exe"
- <SYSTEM32>\attrib.exe +s +h "<SYSTEM32>\IME\comrereg.exe"
- <SYSTEM32>\attrib.exe +s +h "%PROGRAM_FILES%\Windows Media Player\wmpband.exe"
- <SYSTEM32>\attrib.exe +s +h "<SYSTEM32>\DirectX\Setup.exe"
- %TEMP%\~DF857.tmp
- 'co####8.51yes.com':80
- 'localhost':1035
- DNS ASK co####8.51yes.com