Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SoundDriver' = '%WINDIR%\msapps\msrunsv\svchost.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\msapps\msrunsv\svchost.exe' = '%WINDIR%\msapps\msrunsv\svchost.exe:*:Enabled:SoundDriver'
- %WINDIR%\msapps\msrunsv\svchost.exe
- <SYSTEM32>\cmd.exe /c exec.bat
- %WINDIR%\msapps\msrunsv\temp.txt
- %WINDIR%\msapps\msrunsv\exec.bat
- %WINDIR%\msapps\msrunsv\svchost.exe
- 'ti####hoy.netau.net':80
- ti####hoy.netau.net/index.php?cm#####
- DNS ASK ti####hoy.netau.net
- '<IP address on the local network>':1036
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''