Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\PNCD] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%CommonProgramFiles%\Services\svchost.exe' = '%CommonProgramFiles%\Services\svchost.exe:*:Enabled:IEUpdata'
- '%CommonProgramFiles%\Services\svchost.exe' -k DriversService
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\del.bat" "
- <Текущая директория>\del.bat
- %CommonProgramFiles%\Services\svchost.exe
- 'www.sk###ort.com':5012
- DNS ASK www.sk###ort.com
- ClassName: 'MS_WINHELP' WindowName: '(null)'