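Техническая информация (наблюдаемое поведение образца: запускаемые процессы и команды, обращения к реестру, файлы во временных каталогах, сетевая активность, окна)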
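- '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\wscsvc" /v Start /t REG_DWORD /d 0x4 /f — значение Start = 4 отключает запуск службы; wscsvc — служба «Центр обеспечения безопасности»
- '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /v Start /t REG_DWORD /d 0x4 /f — значение Start = 4 отключает запуск службы; wuauserv — служба автоматического обновления Windows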
- '<SYSTEM32>\net1.exe' stop "Security Center"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\924.bat" "
- '<SYSTEM32>\ntvdm.exe' -f -i1
- '<SYSTEM32>\net.exe' stop "Security Center"
- '<SYSTEM32>\net.exe' stop sharedaccess
- '<SYSTEM32>\net.exe' stop wscsvc
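- '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess" /v Start /t REG_DWORD /d 0x4 /f — значение Start = 4 отключает запуск службы; SharedAccess — служба брандмауэра Windows / общего доступа к подключению к Интернету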
- '<SYSTEM32>\net1.exe' stop sharedaccess
- '<SYSTEM32>\net1.exe' stop wscsvc
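- [<HKCU>\Software\FTPWare\COREFTP\Sites] — ветка реестра, в которой FTP-клиент Core FTP хранит сохранённые профили сайтов; характер обращения (чтение или запись) в этом фрагменте не указан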
- %WINDIR%\Temp\scs2.tmp
- %TEMP%\924.bat
- %TEMP%\IconChanger38.exe
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- 'www.fa####cnihnauka.us':80
- 'localhost':1036
- www.fa####cnihnauka.us/explicitlyrics/index.php?ac################################
- DNS ASK www.fa####cnihnauka.us
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-bb0.bbc.3f0002'