Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\WdiaSvc] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '%WINDIR%\WdiSvc.exe'
- '<SYSTEM32>\sc.exe' config UI0Detect start= disabled
- '<SYSTEM32>\sc.exe' stop UI0Detect (эти две команды отключают запуск системной службы UI0Detect и останавливают её)
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\TEMP\_tmp75.bat
- %WINDIR%\Temp\_tmp75.bat
- %WINDIR%\WdiSvc.exe
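- DNS ASK te##.#aoye123.net
- 'te##.#aoye123.net':8899 (символы «#» в имени узла, по-видимому, скрывают часть адреса, поэтому в таком виде запись не годится как точный индикатор для блокировки; порт соединения — 8899)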
- ClassName: 'MS_WINHELP' WindowName: '(null)'