Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{0cb69fff-0b12-11e1-b22f-806d6172696f}] 'StubPath' = '%ALLUSERSPROFILE%\Application Data\wcntfy64.exe -r'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Video Driver' = '%ALLUSERSPROFILE%\Application Data\wcntfy64.exe'
- скрытых файлов
- Средство контроля пользовательских учетных записей (UAC)
- '%CommonProgramFiles%\lsmas64.exe'
- '%ALLUSERSPROFILE%\Application Data\wcntfy64.exe'
- '<SYSTEM32>\netsh.exe' netsh advfirewall firewall add rule name="Network Component" dir=in action=allow program="%ALLUSERSPROFILE%\Application Data\wcntfy64.exe" enable=yes
- %TEMP%\dw.log
- %TEMP%\32607.dmp
- %ALLUSERSPROFILE%\Application Data\wcntfy64.exe
- %CommonProgramFiles%\lsmas64.exe
- %CommonProgramFiles%\lsmas64.exe
- %ALLUSERSPROFILE%\Application Data\wcntfy64.exe
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'