Техническая информация
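- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'winnt' = '%WINDIR%\winnt.exe' (ключ автозапуска в 32-битном представлении реестра: приведённые ниже команды REG ADD выполняются 32-битными cmd.exe и reg.exe из syswow64, поэтому запись в HKLM\Software\Microsoft\Windows\CurrentVersion\Run перенаправляется в Wow6432Node; при проверке 64-битной системы искать параметр 'winnt' следует именно в этой ветке)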
- %WINDIR%\winnt.ini
- %WINDIR%\winnt.exe
- %WINDIR%\libeay32.dll
- %WINDIR%\msvcr71.dll
- %WINDIR%\ssleay32.dll
- 'ya.ru':80
- 'oa###.vk.com':443
- 'so###aker.kz':80
- 'ap#.vk.com':443
- http://www.so###aker.kz/get_an_external_ip_address.php
- 'oa###.vk.com':443
- 'ap#.vk.com':443
- DNS ASK ya.ru
- DNS ASK oa###.vk.com
- DNS ASK so###aker.kz
- DNS ASK ap#.vk.com
- ClassName: 'MS_WINHELP' WindowName: ''
- '%WINDIR%\winnt.exe'
- '%WINDIR%\syswow64\cmd.exe' /c REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Run /V "winnt" /D ""%WINDIR%\winnt.exe"" /f (со скрытым окном)
- '%WINDIR%\syswow64\reg.exe' ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Run /V "winnt" /D ""%WINDIR%\winnt.exe"" /f