Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Svchost.exe' = '%WINDIR%\Svchost.exe'
- %WINDIR%\Svchost.exe
- <SYSTEM32>\sc.exe description "EventSystem" Ц§іЦПµНіКВјюНЁЦЄ·юОс(SENS)Ј¬ґЛ·юОсОЄ¶©ФДЧйјю¶ФПуДЈРН(COM)ЧйјюКВјюМṩЧФ¶Ї·ЦІј№¦ДЬЎЈИз№ыНЈЦ№ґЛ·юОсЈ¬SENS Ѕ«№Ш±ХЈ¬¶шЗТІ»ДЬМṩµЗВјєНЧўПъНЁЦЄЎЈИз№ыЅыУГґЛ·юОсЈ¬ПФКЅТААµґЛ·юОсµДЖдЛы·юОсЅ«ОЮ·ЁЖф¶ЇЎЈ
- <SYSTEM32>\sc.exe Create "EventSystem" type= own type= interact start= auto DisplayName= "COM+ Event System" binPath= "cmd.exe /c start "\Svchost.exe"
- %WINDIR%\Svchost.exe
- %WINDIR%\Svchost.exe
- 'localhost':9090
- 'ch####p.dyndns.org':80
- ch####p.dyndns.org/
- DNS ASK ch####p.dyndns.org