Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\windows_0] 'Start' = '00000002'
- '%WINDIR%\31112.exe'
- '<SYSTEM32>\31112.exe'
- '%WINDIR%\k.k' -k 1688
- '%WINDIR%\k.k' -k 1788
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\killme.bat
- <SYSTEM32>\31112.exe
- %WINDIR%\killme.bat
- %WINDIR%\31112.exe
- %WINDIR%\1.1
- %WINDIR%\k.k
- %WINDIR%\k.k
- %WINDIR%\1.1
- %WINDIR%\31112.exe
- %WINDIR%\k.k
- %WINDIR%\1.1
- 'sb###8.3322.org':1800
- DNS ASK sb###8.3322.org