Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\Test.lnk
- [<HKLM>\SYSTEM\ControlSet001\Services\COMEventn] 'ImagePath' = 'cmd.exe /c start %WINDIR%\\Svchost.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\COMEventn] 'Start' = '00000002'
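- '%WINDIR%\Svchost.exe' (файл расположен в %WINDIR%, а не в <SYSTEM32>, где находится штатный svchost.exe; совпадение имени само по себе не означает, что это системный процесс)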
- '<SYSTEM32>\cmd.exe' /c del <Имя файла>.exe
- '<SYSTEM32>\sc.exe' Create "COMEventn" type= own type= interact start= auto DisplayName= "COM+ Event System32" binPath= "cmd.exe /c start "%WINDIR%\\Svchost.exe"
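- '<SYSTEM32>\sc.exe' description "COMEventn" 支持系统事件通知服务(SENS),此服务为订阅组件对象模型(COM)组件事件提供自动分布功能 (текст описания — китайский в кодировке GBK, в исходной записи он был выведен в неверной кодировке; по смыслу совпадает с описанием штатной службы COM+ Event System)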
- %WINDIR%\Svchost.exe
- %WINDIR%\Svchost.exe
- 'xc###3.3322.org':5208
- DNS ASK xc###3.3322.org