Техническая информация
- скрытых файлов
- '%WINDIR%\syswow64\net.exe' stop "Security Center"
- '%WINDIR%\syswow64\net.exe' stop "Windows Firewall/Internet Connection Sharing (ICS)"
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnonBadCertRecving' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnonZoneCrossing' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'WarnOnPostRedirect' = '00000000'
- %APPDATA%\0t0apu.exe
- http://www.ya##o.com/
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://al######.9kusddaily.com:82/shabi.asp via al#####f.9kusddaily.com
- DNS ASK ya##o.com
- DNS ASK microsoft.com
- DNS ASK al#####f.9kusddaily.com
- '%APPDATA%\0t0apu.exe' -copystart
- '%WINDIR%\syswow64\net.exe' stop "Security Center" (со скрытым окном)
- '%WINDIR%\syswow64\sc.exe' config wscsvc start= DISABLED (со скрытым окном)
- '%WINDIR%\syswow64\net.exe' stop "Windows Firewall/Internet Connection Sharing (ICS)" (со скрытым окном)
- '%WINDIR%\syswow64\sc.exe' config SharedAccess start= DISABLED (со скрытым окном)
- '%APPDATA%\0t0apu.exe' -copystart (со скрытым окном)
- '%WINDIR%\syswow64\sc.exe' config wscsvc start= DISABLED
- '%WINDIR%\syswow64\sc.exe' config SharedAccess start= DISABLED
- '%WINDIR%\syswow64\net1.exe' stop "Security Center"
- '%WINDIR%\syswow64\net1.exe' stop "Windows Firewall/Internet Connection Sharing (ICS)"