Техническая информация
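Закрепление в системе — значения реестра и служба 'Winrs' (Start = 2 соответствует автоматическому запуску; служба размещается в svchost.exe, а её код загружается из библиотеки, указанной в ServiceDll):
- [<HKLM>\System\CurrentControlSet\Services\Winrs] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Winrs] 'ImagePath' = '<SYSTEM32>\svchost.exe -k WinrsEx'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\Winrs\Parameters] 'ServiceDll' = '%WINDIR%\apppatch\\netapi32.dll'
- 'Winrs' <SYSTEM32>\svchost.exe -k WinrsEx
Примечание: netapi32.dll — имя штатной библиотеки Windows, которая обычно находится в <SYSTEM32>; значение ServiceDll, указывающее на одноимённый файл в %WINDIR%\apppatch\, стоит рассматривать как признак подмены имени.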
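Файлы (судя по приведённым ниже командам extrac32.exe, netapi32.dll извлекается из архива 7z.cab в %WINDIR%\apppatch\):
- %HOMEPATH%\test\7z.cab
- %WINDIR%\apppatch\netapi32.dll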
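Сетевая активность — соединения (хост:порт) и DNS-запросы. Символы '#' в именах доменов, по-видимому, скрывают часть имени, поэтому эти строки нельзя использовать как точные индикаторы:
- 'vg##.#omeunix.org':443
- 'of#####65.blogdns.com':443
- '<LOCALNET>.14.196':53
- DNS ASK vg##.#omeunix.org
- DNS ASK of#####65.blogdns.com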
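Запускаемые процессы (ключи extrac32.exe: /Y — перезапись без запроса, /L — каталог назначения):
- '%WINDIR%\syswow64\extrac32.exe' "%HOMEPATH%\test\7z.cab" netapi32.dll /Y /L "%WINDIR%\apppatch\"' (со скрытым окном)
- '%WINDIR%\syswow64\extrac32.exe' "%HOMEPATH%\test\7z.cab" netapi32.dll /Y /L "%WINDIR%\apppatch\"
- '%WINDIR%\syswow64\svchost.exe' -k WinrsEx
Для обнаружения полезно отслеживать запуск extrac32.exe с каталогом назначения %WINDIR%\apppatch\ и запуск svchost.exe с группой служб WinrsEx.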