Техническая информация
- [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Winsys' = '<SYSTEM32>\winso'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'Win32' = '<SYSTEM32>\winke'
- скрытых файлов
- расширений файлов
- Диспетчера задач (Taskmgr)
- Редактора реестра (RegEdit)
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFind' = '00000001'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoDesktop' = '00000001'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoClose' = '00000001'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoViewContextMenu' = '00000001'
- [HKCU\Software\Microsoft\Internet Explorer\Main] 'Window Title' = 'Vive Les Marmottes qui ch'
- %WINDIR%\syswow64\winsock.exe
- %WINDIR%\syswow64\winkernel32.exe
- %WINDIR%\syswow64\winsock.exe
- %WINDIR%\syswow64\winkernel32.exe
- '%WINDIR%\syswow64\cmd.exe' /c attrib +h +s "<SYSTEM32>\winsock.exe"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<SYSTEM32>\winsock.exe"
- '%WINDIR%\syswow64\cmd.exe' /c attrib +h +s "<SYSTEM32>\winkernel32.exe"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<SYSTEM32>\winkernel32.exe"