Техническая информация
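- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'ExceptionManager' = '{8552372B-16FA-167F-8948-B3B4118D42B7}' — параметр в разделе ShellServiceObjectDelayLoad: COM-объекты, указанные здесь по CLSID, загружаются оболочкой explorer.exe при её запуске, поэтому раздел служит точкой автозапуска.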
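- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%windir%\explorer.exe' = '%windir%\explorer.exe:*:enabled:Shell update server connection' — запись в списке разрешённых приложений брандмауэра Windows (стандартный профиль): для explorer.exe включено исключение с областью «*» (любые адреса) под названием «Shell update server connection».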
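- '<SYSTEM32>\cmd.exe' /c C:\a.bat — запуск командного интерпретатора, который выполняет пакетный файл C:\a.bat и завершается (ключ /c).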
- C:\a.bat
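- <SYSTEM32>\svchost.dll — имя имитирует штатный системный файл svchost.exe; файл svchost.dll в каталоге System32 к стандартной поставке Windows не относится, поэтому его наличие следует рассматривать как индикатор компрометации.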