Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'a5x3tq' = '%TEMP%\202fbh.exe'
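- Центр обеспечения безопасности (Security Center) — служба wscsvc; образец останавливает её и отключает её запуск (см. ниже команды net.exe stop "Security Center" и sc.exe config wscsvc start= DISABLED)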
- '<SYSTEM32>\net1.exe' stop "Windows Firewall/Internet Connection Sharing (ICS)"
- '%TEMP%\202fbh.exe'
- '%TEMP%\202fbh.exe' -dD1C26F85CA0D0CD37988062191D548BB4B94395E3D26B86EE184098A558E154E1D66A28AEB857A09BDD797F0CEF2C7E22F2D6ED1006E486CA6925F2C6BD892316DE059EECF02AE477B4E46CFFF357A7F484C90D04DCD4BBEE051E48343BAD75...
- '<SYSTEM32>\cmd.exe' /c %TEMP%\1t71u4bzz.bat
- '<SYSTEM32>\net1.exe' stop "Security Center"
- '<SYSTEM32>\sc.exe' config wscsvc start= DISABLED
- '<SYSTEM32>\net.exe' stop "Security Center"
- '<SYSTEM32>\sc.exe' config SharedAccess start= DISABLED
- '<SYSTEM32>\net.exe' stop "Windows Firewall/Internet Connection Sharing (ICS)"
- %TEMP%\1t71u4bzz.bat
- %TEMP%\~DF903D.tmp
- %TEMP%\~DFDEA4.tmp
- %TEMP%\~DF2E5F.tmp
- %TEMP%\202fbh.exe
- %TEMP%\~DF903D.tmp
- %TEMP%\~DF2E5F.tmp
- 'ex#.##rfectexe.com':255
- DNS ASK ex#.##rfectexe.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''