Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\eventmgmt] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\eventmgmt] 'ImagePath' = '<SYSTEM32>\svchost.exe -k wevtLogs'
- [<HKLM>\SYSTEM\ControlSet001\Services\eventmgmt\Parameters] 'ServiceDll' = '<SYSTEM32>\wevtlog.dll'
- %ALLUSERSPROFILE%\AppData\Local\Microsoft\Windows\UsrClass.dat
- %WINDIR%\inf\mdmevt.inf
- %TEMP%\132187_res.tmp
- %TEMP%\Sta1.bat
- %TEMP%\132187_res.tmp в <SYSTEM32>\wevtlog.dll
- 'any':0
- '15#.#19.234.100':0
- '<SYSTEM32>\cmd.exe' /c %TEMP%\Sta1.bat
- '<SYSTEM32>\net.exe' start "eventmgmt"
- '<SYSTEM32>\net1.exe' start "eventmgmt"
- '<SYSTEM32>\svchost.exe' -k wevtLogs