Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'cftmon' = '%PROGRAM_FILES%\Windows\Themes\wscntfy.exe'
- %APPDATA%\Windows\Themes\report.txt
- %APPDATA%\Windows\Themes\TranscodedWallpaper.jpg
- %TEMP%\aut1.tmp
- %TEMP%\jcmurcb
- %TEMP%\jcmurcb
- %TEMP%\aut1.tmp
- 'ft#.###eanerx.hourb.com':21
- DNS ASK ft#.###eanerx.hourb.com