Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Insider] 'Start' = '00000002'
- <SYSTEM32>\insider.exe -s
- <SYSTEM32>\sc.exe description "Insider" "Insider"
- <SYSTEM32>\sc.exe start "Insider"
- <SYSTEM32>\cmd.exe /c "%TEMP%\1.tmp.bat"
- <SYSTEM32>\sc.exe stop "Insider"
- <SYSTEM32>\sc.exe delete "Insider"
- <SYSTEM32>\sc.exe create "Insider" binPath= "<SYSTEM32>\insider.exe -s" start= auto error= ignore DisplayName= "Insider"
- %TEMP%\1.tmp.bat
- <SYSTEM32>\insider.exe
- <SYSTEM32>\guidex.dat
- 'dn###blic2.net':4000
- 'dn###blic2.com':4000
- DNS ASK dn###blic2.net
- DNS ASK dn###blic2.com