Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\MSIService] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<DRIVERS>\svchost.exe' = '<DRIVERS>\svchost.exe:*:Enabled:Windows Update'
- '<DRIVERS>\svchost.exe'
- '<SYSTEM32>\reg.exe' add HKLM\SYSTEM\CurrentControlSet\Services\MSIService /v Description /t reg_sz /d "Predefined Windows Installer conditions allow you to add both a Windows Installer search and a launch condition in a single step based on the search." /f
- '<SYSTEM32>\reg.exe' add HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "<DRIVERS>\svchost.exe" /t REG_SZ /d "<DRIVERS>\svchost.exe:*:Enabled:Windows Update" /f
- <DRIVERS>\msisvc.log
- <DRIVERS>\svchost.exe
- 'an##.uphero.com':80
- 'my###97.my1.ru':80
- my###97.my1.ru — http://my56197.my1.ru/my.html
- an##.uphero.com — http://anal.uphero.com/my/opa.php
- DNS ASK an##.uphero.com
- DNS ASK my###97.my1.ru