Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Spooler SubSystem App' = '%PROGRAM_FILES%\Windows Media Player\spoolsv.exe'
- User Account Control (UAC)
- '<SYSTEM32>\net1.exe' stop WinDefend
- '<SYSTEM32>\sc.exe' delete WinDefend
- '<SYSTEM32>\net.exe' stop WinDefend
- <SYSTEM32>\spoolsv.exe
- %PROGRAM_FILES%\Windows Media Player\RCX4683.tmp
- %PROGRAM_FILES%\Windows Media Player\RCX478D.tmp
- %PROGRAM_FILES%\Windows Media Player\RCX4588.tmp
- %PROGRAM_FILES%\Windows Media Player\spoolsv.exe
- %PROGRAM_FILES%\Windows Media Player\RCX449D.tmp
- %PROGRAM_FILES%\Windows Media Player\RCX4683.tmp to %PROGRAM_FILES%\Windows Media Player\spoolsv.exe
- %PROGRAM_FILES%\Windows Media Player\RCX478D.tmp to %PROGRAM_FILES%\Windows Media Player\spoolsv.exe
- %PROGRAM_FILES%\Windows Media Player\RCX449D.tmp to %PROGRAM_FILES%\Windows Media Player\spoolsv.exe
- %PROGRAM_FILES%\Windows Media Player\RCX4588.tmp to %PROGRAM_FILES%\Windows Media Player\spoolsv.exe
- DNS ASK dn#.##ftncsi.com
- DNS ASK so###de.com.br
- ClassName: 'Shell_TrayWnd' WindowName: ''