Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\LnnHosts] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\Windows Media Player\svchost.exe' = '%PROGRAM_FILES%\Windows Media Player\svchost.exe:*:Enabled:SystemUpdata'
- '%PROGRAM_FILES%\Windows Media Player\svchost.exe' -k LocalService
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\1.bat" "
- <Текущая директория>\1.bat
- %PROGRAM_FILES%\Windows Media Player\svchost.exe
- 'ke#####amn.gnway.net':51212
- DNS ASK ke#####amn.gnway.net
- ClassName: 'MS_WINHELP' WindowName: ''