Техническая информация
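- [<HKLM>\SYSTEM\ControlSet001\Services\Microsoft Machine Control] 'Start' = '00000002' (значение Start = 2 означает автоматический запуск службы при загрузке системы, то есть закрепление в системе через службу Windows)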
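- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\bazi\svchost.exe' = '%PROGRAM_FILES%\bazi\svchost.exe:*:Enabled:Win32load' (запись вносит программу в список разрешённых приложений брандмауэра Windows для стандартного профиля; изменения этого раздела реестра стоит контролировать)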
- '%PROGRAM_FILES%\bazi\svchost.exe'
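- '<SYSTEM32>\netsh.exe' firewall set allowedprogram %PROGRAM_FILES%\bazi\svchost.exe Win32load (команда добавляет программу в исключения брандмауэра Windows под именем Win32load; запуски netsh.exe с аргументами firewall или advfirewall стоит отслеживать в журналах создания процессов)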
- %PROGRAM_FILES%\bazi\TS.dll
- %PROGRAM_FILES%\bazi\tv.dll
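- %PROGRAM_FILES%\bazi\svchost.exe (штатный svchost.exe Windows находится в <SYSTEM32>; одноимённый исполняемый файл в другом каталоге — признак маскировки под системный процесс)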
- %PROGRAM_FILES%\bazi\Teamviewer_Resource_en.dll
- 'localhost':9998
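- 'wp#d':80
- wp#d/wpad.dat (запрос файла автоматической настройки прокси, WPAD; такие обращения возникают и при обычной работе системы, поэтому сами по себе индикатором заражения не служат)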
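- DNS ASK ma#####.teamviewer.com (домен легитимного сервиса TeamViewer; как индикатор значим только в сочетании с остальными признаками из этого списка)
- DNS ASK crl.verisign.com (обращение к списку отзыва сертификатов; само по себе индикатором заражения не является, блокировать этот домен не следует)
- DNS ASK pi###.dyngate.com (домен dyngate.com также относится к инфраструктуре TeamViewer)
- DNS ASK wp#d
- DNS ASK cs######4-crl.verisign.com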
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'