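Техническая информация
Пояснение к записям ниже: параметр AutorunApp в ключе Run обеспечивает автозапуск файла <SYSTEM32>\config\svchost.exe при старте системы; легитимный svchost.exe находится непосредственно в <SYSTEM32>, поэтому одноимённый файл в подкаталоге config сам по себе является признаком заражения. Значение Start = 0x4 означает, что служба отключена: wscsvc — Центр обеспечения безопасности, wuauserv — служба автоматического обновления Windows, SharedAccess — общий доступ к подключению Интернета (в Windows XP также брандмауэр Windows). Последние три записи описывают сетевую активность; символы # в именах узлов и адресах — маскировка, присутствующая в исходном отчёте.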
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AutorunApp' = '<SYSTEM32>\config\svchost.exe'
- <SYSTEM32>\config\svchost.exe
- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\wscsvc" /v Start /t REG_DWORD /d 0x4 /f
- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /v Start /t REG_DWORD /d 0x4 /f
- <SYSTEM32>\net1.exe stop SharedAccess
- <SYSTEM32>\net1.exe stop "Security Center"
- <SYSTEM32>\net.exe stop "Security Center"
- <SYSTEM32>\reg.exe add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v AutorunApp /t REG_SZ /d <SYSTEM32>\config\svchost.exe /f
- <SYSTEM32>\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess" /v Start /t REG_DWORD /d 0x4 /f
- <SYSTEM32>\net.exe stop SharedAccess
- <SYSTEM32>\config\svchost.exe
- 'www.fa####ok-amira.com':80
- www.fa####ok-amira.com/mailform2.php?he##################################################################################################
- DNS ASK www.fa####ok-amira.com