Техническая информация
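- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{UGLSNZ5H-M0AA-MC8D-NUPZ-1JSHVTPRDWPV}] 'StubPath' = '%CommonProgramFiles%\Microsoft Service\S-1-5-21-0676065040-6013808633-1220152867-1323\service.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Win Update' = '%CommonProgramFiles%\Microsoft Service\S-1-5-21-0676065040-6013808633-1220152867-1323\service.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Win Update' = '%CommonProgramFiles%\Microsoft Service\S-1-5-21-0676065040-6013808633-1220152867-1323\service.exe'
  (Все три записи указывают на один и тот же файл service.exe и относятся к механизмам автозапуска: Active Setup 'StubPath' и два ключа Run. Имя параметра 'Win Update' и каталог 'Microsoft Service' с подкаталогом, похожим на SID, имитируют системные компоненты. При очистке системы нужно проверить и удалить все три записи, а не только ключ Run.)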
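- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
  ('EnableFirewall' = 0 отключает брандмауэр Windows для стандартного профиля, 'DoNotAllowExceptions' = 0 разрешает исключения. После удаления угрозы эти значения не восстанавливаются сами — брандмауэр нужно включить заново и проверить его состояние.)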
- %CommonProgramFiles%\Microsoft Service\S-1-5-21-0676065040-6013808633-1220152867-1323\service.exe
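- <SYSTEM32>\netsh.exe firewall set opmode mode = disable (команда отключает брандмауэр Windows; запуск netsh.exe с такими аргументами — удобный признак для обнаружения по журналам создания процессов)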
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\mswinsck.ocx"
- %CommonProgramFiles%\Microsoft Service\S-1-5-21-0676065040-6013808633-1220152867-1323\service.exe
- <SYSTEM32>\mswinsck.ocx
- %TEMP%\~DFCDF6.tmp
- 'ip###cation.com':80
- 'any':0
- ip###cation.com/
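- DNS ASK ip###cation.com (DNS-запрос на разрешение имени; символы ###, по-видимому, скрывают часть имени домена в отчёте, поэтому в таком виде строка не годится как точный индикатор для блокировки)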
- ClassName: 'Indicator' WindowName: ''