Техническая информация
- Центр обеспечения безопасности (Security Center)
- Центр поддержки Windows (Action Center)
- '<SYSTEM32>\wscript.exe' "%TEMP%\cookie773.vbe"
- '<SYSTEM32>\wscript.exe' "%TEMP%\BgeJJWMN.vbe"
- '<SYSTEM32>\net1.exe' stop MpsSvc
- '<SYSTEM32>\sc.exe' config MpsSvc start= disabled
- '<SYSTEM32>\net.exe' stop MpsSvc
- '<SYSTEM32>\net.exe' stop SharedAccess
- '<SYSTEM32>\schtasks.exe' /create /TN GoogleUppdateTaskMachineAll /SC ONLOGON /RU SYSTEM /RL HIGHEST /TR %APPDATA%\GoogleUpp\BgeJJWMN.vbe
- '<SYSTEM32>\sc.exe' config SharedAccess start= disabled
- '<SYSTEM32>\net1.exe' stop SharedAccess
- '<SYSTEM32>\sc.exe' config wscsvc start= disabled
- '<SYSTEM32>\net.exe' stop wscsvc
- '<SYSTEM32>\reg.exe' add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v HideSCAHealth /t REG_DWORD /d 0x1 /f
- '<SYSTEM32>\net1.exe' stop wscsvc
- '<SYSTEM32>\sc.exe' config WinDefend= disabled
- '<SYSTEM32>\net1.exe' stop WinDefend
- '<SYSTEM32>\net.exe' stop WinDefend
- <SYSTEM32>\schtasks.exe
- %TEMP%\cookie773.vbe
- %APPDATA%\GoogleUpp\BgeJJWMN.vbe
- %TEMP%\BgeJJWMN.vbe
- 'ke#####577fertt9.com':80
- http://ke#####577fertt9.com/cookie773.vbe
- DNS ASK ke#####577fertt9.com
- ClassName: 'Shell_TrayWnd' WindowName: ''