Техническая информация
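- [<HKLM>\SYSTEM\ControlSet001\Services\NVIDIA Card] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы; согласуется с параметром start= auto в команде sc.exe create ниже)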
- <SYSTEM32>\SVCHVS.EXE
- <SYSTEM32>\attrib.exe TKPKQIGK.dat +s +h +r
- <SYSTEM32>\attrib.exe netddt.dll +s +h +r
- <SYSTEM32>\attrib.exe <SYSTEM32>\SVCHVS.EXE +s +h +r
- <SYSTEM32>\attrib.exe <SYSTEM32>\TKPKQIGK.dat +s +h +r
- <SYSTEM32>\attrib.exe <SYSTEM32>\netddt.dll +s +h +r
- <SYSTEM32>\attrib.exe SVCHVS.EXE +s +h +r
- <SYSTEM32>\sc.exe create "NVIDIA Card" BinPath= "<SYSTEM32>\SVCHVS.EXE" type= own type= interact start= auto DisplayName= "NVIDIA Card"
- <SYSTEM32>\wscript.exe "<SYSTEM32>\KOF.vbs"
- <SYSTEM32>\sc.exe description "NVIDIA Card" "service is stopped, protected content might not be down loaded Driver Service."
- %WINDIR%\regedit.exe /s <SYSTEM32>\KOF.reg
- <SYSTEM32>\net1.exe start "NVIDIA Card"
- <SYSTEM32>\SVCHVS.EXE
- <SYSTEM32>\TKPKQIGK.dat
- <SYSTEM32>\netddt.dll
- <SYSTEM32>\KOF.bat
- <SYSTEM32>\KOF.reg
- <SYSTEM32>\KOF.vbs
- <SYSTEM32>\TKPKQIGK.dat
- <SYSTEM32>\SVCHVS.EXE
- <SYSTEM32>\KOF.reg
- <SYSTEM32>\KOF.vbs
- <SYSTEM32>\netddt.dll
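- '70###.ipread.com':3685 (символы ###, по-видимому, заменяют часть имени узла: знак # недопустим в DNS-именах, поэтому точное сопоставление по полному имени по этой записи невозможно)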
- DNS ASK 70###.ipread.com
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''