Техническая информация
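- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Host Process for Windows services' = 'cmd /c "start "Host Process for Windows services" "svhosts.exe"' (запись в ключе автозапуска RunOnce; имя параметра повторяет описание системного svchost.exe, тогда как запускается файл svhosts.exe)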
- '<SYSTEM32>\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Host Process for Windows services" /d "cmd /c """start """Host Process for Windows services""" """svhosts.exe"""" /f"
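- '<SYSTEM32>\schtasks.exe' /create /tn "Host Process for Windows services" /tr "'svhosts.exe' /startup" /sc MINUTE /f /rl highest (задача планировщика с ежеминутным запуском и наивысшим уровнем привилегий: /sc MINUTE, /rl highest)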
- <SYSTEM32>\schtasks.exe
- <Текущая директория>\04-12-2017\4.58 PM
- <Текущая директория>\svhosts.exe
- 'localhost':44888
- '93.##1.138.176':44888 (часть адреса замаскирована символами ##)