Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Portable Media Serial Numberss] 'Start' = '00000002'
- <SYSTEM32>\svchost.exe -k netsvcs
- %TEMP%\AT2A4119520J.tecm
- %WINDIR%\spositi.reg
- %WINDIR%\spositi.txt
- %WINDIR%\spositi.reg
- %WINDIR%\spositi.txt
- 'yo###k.2288.org':8786
- DNS ASK yo###k.2288.org