Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Coreguard Antivirus 2009' = '%PROGRAM_FILES%\Coreguard Antivirus 2009\Coreguard 2009.exe' (параметр автозапуска: указанный файл запускается при каждом входе этого пользователя в систему)
- Центр обеспечения безопасности (Security Center) — служба wscsvc; в перечне команд ниже есть её остановка и запуск
- '<SYSTEM32>\net1.exe' stop wscsvc
- '<SYSTEM32>\net1.exe' start winmgmt
- '<SYSTEM32>\net1.exe' start wscsvc
- '<SYSTEM32>\net1.exe' stop winmgmt
- '<SYSTEM32>\net.exe' stop wscsvc
- '<SYSTEM32>\net.exe' stop winmgmt
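- '<SYSTEM32>\wbem\mofcomp.exe' %TEMP%\4otjesjty.mof (mofcomp.exe компилирует MOF-файл в репозиторий WMI; имя файла, вероятно, генерируется случайно, поэтому для обнаружения надёжнее опираться на сам запуск mofcomp.exe с файлом из %TEMP%)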
- %TEMP%\tmp1.tmp
- %TEMP%\4otjesjty.mof
- %TEMP%\tmp1.tmp
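- 'gu####ab2009.biz':80 (здесь и ниже часть имени домена скрыта символами «#», поэтому эти строки нельзя использовать как индикаторы для точного совпадения)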
- 'co####ard2009.com':80
- 'gu####ab2009.com':80
- 'gu####ab2009.net':80
- gu####ab2009.biz/c.dat
- co####ard2009.com/c.dat
- gu####ab2009.com/c.dat
- gu####ab2009.net/c.dat
- DNS ASK co####ard2009.net
- DNS ASK co#####rdlab2009.biz
- DNS ASK co####ard2009.com
- DNS ASK co####ard2009.biz
- DNS ASK co#####rdlab2009.net
- DNS ASK gu####ab2009.net
- DNS ASK gu####ab2009.com
- DNS ASK co#####rdlab2009.com
- DNS ASK gu####ab2009.biz
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)' (Shell_TrayWnd — класс окна панели задач Windows)