Техническая информация
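Автозапуск через ключи Run реестра; значение 'Update' указывает на svchost.exe в %APPDATA%, а не в <SYSTEM32>:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Update' = '%APPDATA%\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Update' = '%APPDATA%\svchost.exe'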
Записи в списке разрешённых приложений брандмауэра Windows (профили DomainProfile и StandardProfile) для AnyDesk.exe из %APPDATA%:
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] '%APPDATA%\AnyDesk.exe' = '%APPDATA%\AnyDesk.exe:*:Enabled:AnyDesk'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\AnyDesk.exe' = '%APPDATA%\AnyDesk.exe:*:Enabled:AnyDesk'
Процессы и их командные строки (системные — из <SYSTEM32> и %CommonProgramFiles%, остальные — из %APPDATA%):
- '<SYSTEM32>\svchost.exe' -k LocalService
- '<SYSTEM32>\svchost.exe' -k rpcss
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1124
- '<SYSTEM32>\svchost.exe' -k netsvcs
- '%APPDATA%\svchost.exe'
- '%APPDATA%\AnyDesk.exe'
- '%APPDATA%\AnyDesk.exe' --local-control
- '%APPDATA%\AnyDesk.exe' --local-service
- <SYSTEM32>\svchost.exe
Пути файлов (действие — создание или удаление — в этом фрагменте не указано):
- %APPDATA%\AnyDesk\system.conf
- %APPDATA%\AnyDesk\service.conf
- %TEMP%\2CEA0.dmp
- %TEMP%\dw.log
- %APPDATA%\svchost.exe
- %APPDATA%\AnyDesk.exe
- %APPDATA%\AnyDesk\user.conf
- %APPDATA%\AnyDesk\ad.trace
Сетевые адреса и порты (часть символов в адресах заменена знаком #):
- 'wp#d':80
- '85.##.103.30':443
- '85.##.103.30':80
- '78.#6.49.23':80
- 'bo####.anydesk.com':443
- 'bo####.anydesk.com':80
- '78.#6.49.23':443
HTTP- и DNS-запросы:
- http://11#.#11.111.2/wpad.dat via wp#d
- DNS ASK wp#d
- DNS ASK bo####.anydesk.com
- ClassName: 'Shell_TrayWnd' WindowName: ''