Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'wminit' = '%CommonProgramFiles%\System\wminit.exe'
- %CommonProgramFiles%\System\wminit.exe "<Полный путь к вирусу>"
- <SYSTEM32>\net1.exe stop Alerter
- <SYSTEM32>\sc.exe config SharedAccess start=disabled
- <SYSTEM32>\net1.exe stop SharedAccess
- <SYSTEM32>\net1.exe stop wscsvc
- <SYSTEM32>\net.exe stop SharedAccess
- <SYSTEM32>\sc.exe config Alerter start=disabled
- <SYSTEM32>\net.exe stop Alerter
- <SYSTEM32>\sc.exe config wscsvc start=disabled
- <SYSTEM32>\net.exe stop wscsvc
- %CommonProgramFiles%\System\wminit.exe
- %CommonProgramFiles%\System\wminit.dat
- 't1###18191.net':53100
- DNS ASK t1###18191.org
- DNS ASK t1###18191.net
- '<IP-адрес в локальной сети>':1035