Техническая информация
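- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Svhost' = '\host\svchost.exe' — запись автозапуска: указанный файл запускается при входе пользователя в систему. Имя параметра и имя файла похожи на системный svchost.exe, однако путь ведёт в каталог \host, тогда как штатный svchost.exe находится в <SYSTEM32>.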
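- 'C:\service.exe' /pid=1524 (числа после /pid= в этой и следующих строках различаются; по-видимому, они относятся к конкретному запуску образца, поэтому в качестве индикатора полезны путь и имя файла, а не сами числа)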
- 'C:\service.exe' /pid=1952
- 'C:\service.exe' /pid=3952
- 'C:\service.exe' /pid=2772
- 'C:\service.exe' /pid=2228
- 'C:\service.exe' /pid=1396
- 'C:\service.exe' /pid=3332
- 'C:\service.exe' /pid=1688
- 'C:\service.exe' /pid=2868
- 'C:\service.exe' /pid=3988
- 'C:\service.exe' /pid=2908
- 'C:\service.exe' /pid=2980
- 'C:\service.exe'
- 'C:\service.exe' +h +s \host
- 'C:\service.exe' /pid=3088
- 'C:\service.exe' /pid=3540
- 'C:\service.exe' /pid=1512
- 'C:\service.exe' /pid=2968
- 'C:\service.exe' /pid=3304
- '<SYSTEM32>\attrib.exe' /pid=2520
- '<SYSTEM32>\attrib.exe' /pid=2656
- '<SYSTEM32>\attrib.exe' /pid=3896
- '<SYSTEM32>\attrib.exe' /pid=3924
- '<SYSTEM32>\attrib.exe' /pid=3888
- '<SYSTEM32>\attrib.exe' /pid=3632
- '<SYSTEM32>\attrib.exe' /pid=3400
- '<SYSTEM32>\attrib.exe' /pid=2968
- '<SYSTEM32>\attrib.exe' /pid=2828
- '<SYSTEM32>\attrib.exe' /pid=3872
- '<SYSTEM32>\attrib.exe' /pid=812
- '<SYSTEM32>\attrib.exe' /pid=1524
- '<SYSTEM32>\attrib.exe'
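- '<SYSTEM32>\attrib.exe' +h +s \host — attrib с ключами +h и +s устанавливает для \host атрибуты «скрытый» и «системный», из-за чего каталог не отображается в Проводнике при настройках по умолчанию; на этот же каталог указывает путь в записи автозапуска выше.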
- '<SYSTEM32>\attrib.exe' /pid=208
- '<SYSTEM32>\attrib.exe' /pid=552
- '<SYSTEM32>\attrib.exe' /pid=3784
- '<SYSTEM32>\attrib.exe' /pid=3308
- '<SYSTEM32>\attrib.exe' /pid=1148
- '<SYSTEM32>\attrib.exe' /pid=2868
- <SYSTEM32>\attrib.exe
- C:\service.exe