Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\srvsysdriver32] 'Start' = '00000002' (автоматический запуск службы, ср. start= "auto" в команде sc.exe create ниже)
- %WINDIR%\sysdriver32.exe srv
- <SYSTEM32>\sc.exe delete "srvsysdriver32"
- <SYSTEM32>\sc.exe create "srvsysdriver32" binpath= "%WINDIR%\sysdriver32.exe srv" start= "auto"
- <SYSTEM32>\net1.exe start "srvsysdriver32"
- <SYSTEM32>\net1.exe stop "srvsysdriver32"
- <SYSTEM32>\schtasks.exe /end /tn "system1"
- <SYSTEM32>\schtasks.exe /delete /tn "system1" /F
- <SYSTEM32>\net.exe stop "srvsysdriver32"
- %WINDIR%\sysdriver32.exe
- 'dr#####updates-info.com':80
- 'fr###pac.net':80
- 'su####arsinfo.net':80
- dr#####updates-info.com/distrib_serv/ip_list.php
- fr###pac.net/distrib_serv/ip_list.php
- su####arsinfo.net/distrib_serv/ip_list.php
- DNS ASK dr#####updates-info.com
- DNS ASK fr###pac.net
- DNS ASK su####arsinfo.net
- ClassName: 'MS_WINHELP' WindowName: ''