Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\NetStateCheck] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\NtDllCheck] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\netsvcnt.exe' = '<SYSTEM32>\netsvcnt.exe:*:Enabled:Windows NTService'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\nethost32.exe' = '<SYSTEM32>\nethost32.exe:*:Enabled:Windows Network Services'
- '<SYSTEM32>\winNetSc.exe'
- '<SYSTEM32>\winNTdll.exe'
- '<SYSTEM32>\cmd.exe' /c ""c:\kill32.bat" "
- <SYSTEM32>\winNetSc.exe
- <SYSTEM32>\winNTdll.exe
- C:\kill32.bat
- 'sm##.nate.com':25
- DNS ASK sm##.nate.com