Техническая информация
- [<HKLM>\SYSTEM\ControlSet002\Control\Session Manager] 'BootExecute' = ''
- [<HKLM>\SYSTEM\ControlSet001\Control\Session Manager] 'BootExecute' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows32' = '%WINDIR%\system\win32.exe'
- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Session manager" /v BootExecute /t REG_MULTI_SZ /d "autocheck autochk *" /f
- <SYSTEM32>\netsh.exe firewall add allowedprogram %WINDIR%\system\win32.exe RPCCC
- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\ControlSet002\Control\Session manager" /v BootExecute /t REG_MULTI_SZ /d "autocheck autochk *" /f
- <SYSTEM32>\sc.exe delete GbpSv
- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\ControlSet001\Control\Session manager" /v BootExecute /t REG_MULTI_SZ /d "autocheck autochk *" /f
- %WINDIR%\system\win32.exe
- 'xi##.#oolpage.biz':80
- xi##.#oolpage.biz/count.php
- DNS ASK xi##.#oolpage.biz
- '<IP-адрес в локальной сети>':1036