Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Insider] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- <SYSTEM32>\insider.exe -s
- <SYSTEM32>\sc.exe description "Insider" "Insider"
- <SYSTEM32>\sc.exe start "Insider"
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp.bat""
- <SYSTEM32>\sc.exe create "Insider" binPath= "<SYSTEM32>\insider.exe -s" start= auto error= ignore DisplayName= "Insider"
- <SYSTEM32>\taskkill.exe /IM mmc.exe /F
- <SYSTEM32>\sc.exe stop "Insider"
- <SYSTEM32>\sc.exe delete "Insider"
- %TEMP%\1.tmp.bat
- <SYSTEM32>\insider.exe
- <SYSTEM32>\guidex.dat
- 'dn###date3.net':4000
- 'dn###date3.com':4000
- DNS ASK dn###date3.net
- DNS ASK dn###date3.com
- ClassName: '' WindowName: ''