Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Transct] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>' = '<SYSTEM32>\BsHelpA.exe:*:Enabled:Microsoft (R) Internetal IExplore'
- '<SYSTEM32>\BsHelpA.exe'
- '<SYSTEM32>\ping.exe' 127.1 -n 3
- C:\2.bat
- <SYSTEM32>\BsHelpA.exe
- <SYSTEM32>\BsHelpA.exe
- 'me####55.3322.org':8001
- 'www.fg##chr.cn':81
- DNS ASK me####55.3322.org
- DNS ASK www.fg##chr.cn