Техническая информация
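- [<HKLM>\SYSTEM\ControlSet001\Services\Windows NT] 'Start' = '00000002'
  (значение Start = 2 означает автоматический запуск службы при загрузке системы; параметр ImagePath этой службы, заданный ниже, указывает на <SYSTEM32>\svch0st.exe)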
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Windows NT" /v "ObjectName" /d "LocalSystem" /f
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Windows NT" /v "ImagePath" /t REG_EXPAND_SZ /d "<SYSTEM32>\svch0st.exe" /f
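- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Windows NT" /v "Type" /t REG_DWORD /d 272 /f
  (272 = 0x110: служба в собственном процессе с флагом интерактивного взаимодействия; вместе с ObjectName = LocalSystem это означает запуск с правами системной учётной записи)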
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Windows NT" /v "Start" /t REG_DWORD /d 2 /f
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Windows NT" /v "Group" /d "SchedulerGroup" /f
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Windows NT" /v "Description" /d "Windows NT" /f
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Windows NT" /v "ErrorControl" /t REG_DWORD /d 1 /f
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Windows NT" /v "DisplayName" /d "Windows NT" /f
- <SYSTEM32>\svchost.exe
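- <SYSTEM32>\svch0st.exe
- <DRIVERS>\svch0st1.exe
  (в именах svch0st.exe и svch0st1.exe вместо буквы «o» стоит цифра «0»: они имитируют системный svchost.exe, поэтому при проверке имя файла нужно сравнивать посимвольно и учитывать каталог, в котором он находится)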
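- 'www.di##zhi.com':80
- 'ad.#0bc.com':80
- www.di##zhi.com/ad.exe
- DNS ASK www.di##zhi.com
- DNS ASK ad.#0bc.com
  (символы «#» в именах узлов, по-видимому, скрывают часть доменного имени при публикации; в таком виде записи не годятся как готовые индикаторы для блокировки, их можно лишь сопоставлять по шаблону с собственными журналами DNS и прокси. Обращение к ad.exe по порту 80 — это запрос исполняемого файла по незашифрованному HTTP.)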