Техническая информация
- Центр обеспечения безопасности (Security Center)
- '<SYSTEM32>\net.exe' stop wscsvc
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\sc.exe' config wscsvc start= disabled
- '<SYSTEM32>\net1.exe' stop SharedAccess
- '<SYSTEM32>\net1.exe' stop wscsvc
- '<SYSTEM32>\net.exe' stop SharedAccess
- '<SYSTEM32>\cmd.exe' /c sc config SharedAccess start= disabled
- '<SYSTEM32>\cmd.exe' /c net stop SharedAccess
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\sc.exe' config SharedAccess start= disabled
- '<SYSTEM32>\cmd.exe' /c sc config wscsvc start= disabled
- '<SYSTEM32>\cmd.exe' /c net stop wscsvc
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook]
- [<HKCU>\Software\Microsoft\Internet Explorer\IntelliForms\Storage2]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gate[1].htm
- 'fo###tmeand.com':80
- http://fo###tmeand.com/h/gate.php
- DNS ASK fo###tmeand.com