Техническая информация
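Записи реестра ниже регистрируют сервис Irmon: значение ServiceDll задаёт библиотеку, которую загружает svchost.exe (группа netsvcs), а Start = 2 означает автоматический запуск при старте системы. Имя Irmon, по-видимому, совпадает с именем штатной службы Windows, поэтому признаком служит значение ServiceDll, а не само наличие ключа. При проверке узла смотрите и ветку CurrentControlSet: ControlSet001 обычно является её текущей копией.
- [<HKLM>\SYSTEM\ControlSet001\Services\Irmon\Parameters] 'ServiceDll' = '<SYSTEM32>\Irmonex.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\Irmon] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
- [<HKLM>\SYSTEM\ControlSet001\Services\Irmon] 'Start' = '00000002'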
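Файлы, связанные с работой образца. Путь <SYSTEM32>\Irmonex.dll указан дважды — вероятно, в исходном отчёте эти строки относились к разным разделам, заголовки которых не сохранились.
- %WINDIR%\Temp\Delsvcfile1.bat
- C:\NewLog4.txt
- <SYSTEM32>\Irmonex.dll
- <SYSTEM32>\Irmonex.dll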
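Запускаемые процессы. Команда attrib с ключом -h снимает атрибут «скрытый», с ключом -s — «системный»; ping -n 5 к 127.0.0.1, судя по всему, используется как пауза.
- '<SYSTEM32>\ping.exe' -n 5 127.0.0.1
- '<SYSTEM32>\attrib.exe' -h "%WINDIR%\TEMP\Delsvcfile1.bat"
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\TEMP\Delsvcfile1.bat
- '<SYSTEM32>\attrib.exe' -s "<SYSTEM32>\Irmonex.dll"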