Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\ksdsvc] 'Start' = '00000002'
- '%PROGRAM_FILES%\Kingsoft\ksdsvc.exe'
- '%PROGRAM_FILES%\Kingsoft\ksdsvc.exe' (загружен из сети Интернет)
- '<SYSTEM32>\sc.exe' create ksdsvc binPath= "%PROGRAM_FILES%\Kingsoft\ksdsvc.exe" type= own start= auto
- '<SYSTEM32>\sc.exe' delete ksdsvc
- '<SYSTEM32>\sc.exe' stop ksdsvc
- %PROGRAM_FILES%\Kingsoft\00047a7c.exe
- %PROGRAM_FILES%\Kingsoft\00047a7c.exe в %PROGRAM_FILES%\Kingsoft\ksdsvc.exe
- '43###.63810.com':80
- 43###.63810.com/update/a11.exe
- DNS ASK 43###.63810.com