Техническая информация
- Центр обеспечения безопасности (Security Center)
- '' (загружен из сети Интернет)
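- '<SYSTEM32>\net.exe' stop wscsvc — останавливает службу wscsvc («Центр обеспечения безопасности»)
- '<SYSTEM32>\net.exe' stop sharedaccess — останавливает службу SharedAccess (в Windows XP — «Брандмауэр Windows/Общий доступ к Интернету (ICS)»)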
- %WINDIR%\z_<Имя файла>_debug.txt
- <SYSTEM32>\wscntfy.exe.new
- %WINDIR%\winlogon.exe
- <SYSTEM32>\comctl32.ocx
- <SYSTEM32>\dllcache\wscntfy.exe.new
- <SYSTEM32>\wscntfy.exe
- <SYSTEM32>\dllcache\wscntfy.exe.new
- '20#.#6.232.182':80
- 'localhost':1041
- '66.##.221.149':80
- http://66.##.221.149/webserver/bin/winlogon.exe
- http://66.##.221.149/webserver/bin/comctl32.ocx
- DNS ASK www.microsoft.com
- '%WINDIR%\winlogon.exe' http://66.##.221.149/webserver/bin/,http://66.##.221.149/webserver/admin//clients/adminclients.html,http://66.##.221.149/webserver/admin//clients/adminclients.html,http://66.##.221.149/webserve...
- '<SYSTEM32>\net1.exe' stop wscsvc
- '<SYSTEM32>\net1.exe' stop sharedaccess
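- '<SYSTEM32>\sc.exe' delete wscsvc — удаляет службу wscsvc из списка служб (простого перезапуска службы для восстановления недостаточно)
- '<SYSTEM32>\sc.exe' delete sharedaccess — удаляет службу SharedAccess из списка служб (простого перезапуска службы для восстановления недостаточно)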
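- '<SYSTEM32>\regsvr32.exe' /s <SYSTEM32>\comctl32.ocx — регистрирует comctl32.ocx в «тихом» режиме (/s), без вывода диалоговых окон; файл с таким же именем загружается с адреса, указанного выше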