Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'update' = '%APPDATA%\custom\update.exe'
- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\wscsvc" /v Start /t REG_DWORD /d 0x4 /f
- <SYSTEM32>\net1.exe stop "Security Center"
- <SYSTEM32>\net1.exe stop SharedAccess
- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /v Start /t REG_DWORD /d 0x4 /f
- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess" /v Start /t REG_DWORD /d 0x4 /f
- <SYSTEM32>\net.exe stop "Security Center"
- <SYSTEM32>\net.exe stop SharedAccess
- %APPDATA%\custom\update.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\key[1].php
- %APPDATA%\key.php
- %APPDATA%\index.html
- 'ch######1337.ch.funpic.de':80
- 'localhost':1041
- 'ch######1337.ch.funpic.de':21
- ch######1337.ch.funpic.de/logs/USER-4BB09A9C02/key.php?te###
- DNS ASK ch######1337.ch.funpic.de
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''