Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\PDVDServ] 'Start' = '00000002'
- %PROGRAM_FILES%\CyberLink\PDVDServ.exe
- %PROGRAM_FILES%\CyberLink\PDVDServ.exe (загружен из сети Интернет)
- <SYSTEM32>\sc.exe create PDVDServ binPath= "%PROGRAM_FILES%\CyberLink\PDVDServ.exe" type= own start= auto
- <SYSTEM32>\sc.exe delete PDVDServ
- <SYSTEM32>\sc.exe stop PDVDServ
- %PROGRAM_FILES%\CyberLink\0001eecf.exe
- '19###.63810.com':80
- 19###.63810.com/update/a11.exe
- DNS ASK 19###.63810.com