Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\NtmsSvc] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '<SYSTEM32>\cmd.exe' /c %TEMP%\_$$__$$eub.cmd
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\wuauiw.dll F1 ntmssvc
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\wuauiw.dll F2 ntmssvc
- <SYSTEM32>\NtmsData\NTMSREG
- <SYSTEM32>\NtmsData\NTMSDATA
- <SYSTEM32>\NtmsData\NTMSJRNL
- <SYSTEM32>\NtmsData\NTMSIDX
- <SYSTEM32>\wuauiw.dll
- %TEMP%\_$$__$$eub.cmd
- <SYSTEM32>\NtmsData\NTMSDATA.BAK
- <SYSTEM32>\NtmsData\NTMSJRNL
- %TEMP%\_$$__$$eub.cmd
- из <SYSTEM32>\NtmsData\NTMSDATA.BAK в <SYSTEM32>\NtmsData\NTMSDATA
- '22#.#22.198.25':80