Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SVCH0ST] 'Start' = '00000002'
- '%WINDIR%\SVCH0ST.EXE'
- '%WINDIR%\SVCHOOST.EXE'
- '<Текущая директория>\cx.exe'
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\uninstal.bat
- %WINDIR%\SVCH0ST.EXE
- %WINDIR%\uninstal.bat
- %WINDIR%\SVCHOOST.EXE
- <Текущая директория>\cx.exe
- %WINDIR%\SVCH0ST.EXE
- %WINDIR%\SVCHOOST.EXE
- %TEMP%\~DF4D57.tmp
- <Текущая директория>\cx.exe
- 'ca###.vicp.net':8800
- DNS ASK ca###.vicp.net
- ClassName: 'Shell_TrayWnd' WindowName: ''