Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Evntconnections] 'Start' = '00000002'
- <SYSTEM32>\sc.exe create Evntconnections BinPath= %WINDIR%\inf\NTsvchost.exe type= own type= interact start= auto DisplayName= "Evnt connections"
- <SYSTEM32>\sc.exe description Evntconnections "?????????????????????,???????,??????????"
- <SYSTEM32>\sc.exe start Evntconnections
- <SYSTEM32>\cmd.exe /c <Текущая директория>\bftmp.bat
- <SYSTEM32>\sc.exe stop Evntconnections
- <SYSTEM32>\sc.exe delete Evntconnections
- <Текущая директория>\bftmp.bat
- ClassName: '' WindowName: '?????'