Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\vEventSystem] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\vEventSystem] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\vEventSystem\Parameters\] 'ServiceDll' = '<SYSTEM32>\ves.dll'
- 'vEventSystem' <SYSTEM32>\svchost.exe -k netsvcs
- %TEMP%\tmp.dll
- %WINDIR%\syswow64\ves.dll
- %TEMP%\delex.bat
- %TEMP%\tmp.dll
- %WINDIR%\syswow64\ves.dll
- '%WINDIR%\syswow64\svchost.exe' -k netsvcs