Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Хост-процесс для служб Windovs' = '%WINDIR%\debug\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Хост-процесс для служб Windovs' = '%WINDIR%\debug\svchost.exe'
- %WINDIR%\Debug\svchost.exe
- <Full path to file>
- 'ts##.#ervebeer.com':20191
- DNS ASK ts##.#ervebeer.com
- '%WINDIR%\Debug\svchost.exe'
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 -n 5 -w 5 > Nul & START %WINDIR%\debug\svchost.exe
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 -n 2 -w 2 > Nul & DEL <Full path to file>
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 5 -w 5
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 2 -w 2