Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\Svchost.exe.lnk
- [<HKLM>\SYSTEM\ControlSet001\Services\COMEventn] 'Start' = '00000002'
- %WINDIR%\Svchost.exe
- <SYSTEM32>\cmd.exe /c c:\Del.bat
- <SYSTEM32>\wscript.exe "%TEMP%\delay.vbs"
- <SYSTEM32>\sc.exe Create "COMEventn" type= own type= interact start= auto DisplayName= "COM+ Event System32" binPath= "cmd.exe /c start "%WINDIR%\\Svchost.exe"
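- <SYSTEM32>\sc.exe description "COMEventn" 支持系统事件通知服务(SENS)，此服务为订阅组'件对象模型(COM)组件事件提供自动分布功能 [текст описания восстановлен из GBK, ошибочно отображённого как Windows-1251; по-видимому, повторяет описание штатной службы Windows «COM+ Event System»]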
- %TEMP%\delay.vbs
- C:\Del.bat
- %WINDIR%\Svchost.exe
- %WINDIR%\Svchost.exe
- %TEMP%\delay.vbs
- '<IP-адрес в локальной сети>':80
- <IP-адрес в локальной сети>/ip.txt
- ClassName: 'Shell_TrayWnd' WindowName: ''