Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{F5EAD5FB-2D8A-8A3F-630A-EAF2E77E8B73}] 'StubPath' = '<SYSTEM32>\sfc_os.exe /i'
- '<SYSTEM32>\sfcfiles.exe'
- '<SYSTEM32>\sfc_os.exe'
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\_deleteme.bat
- '<SYSTEM32>\ntvdm.exe' -f -i1
- '<SYSTEM32>\reg.exe' delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F5EAD5FB-2D8A-8A3F-630A-EAF2E77E8B73}" /f
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\_Setup.bat
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F5EAD5FB-2D8A-8A3F-630A-EAF2E77E8B73}" /v StubPath /t REG_SZ /d "<SYSTEM32>\sfc_os.exe /i" /f
- <SYSTEM32>\shfolder.nls
- <SYSTEM32>\shdocvw.cpl
- <SYSTEM32>\sfmapi.exe
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- <SYSTEM32>\sfcfiles.exe
- <SYSTEM32>\_Setup.bat
- <SYSTEM32>\c_l5418.nls
- <SYSTEM32>\sfc_os.exe
- <SYSTEM32>\shell.nls
- <SYSTEM32>\_deleteme.bat
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- 'ej###.dyndns.org':80
- '<IP-адрес в локальной сети>':80
- ej###.dyndns.org/config.asp?id#########
- <IP-адрес в локальной сети>
- DNS ASK ej###.dyndns.org
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b88.b8c.3c0007'