Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Svc_System0] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- C:\sus\syst.exe
- C:\sus\svcnoct.exe -service
- C:\sus\svcnoct.exe
- %TEMP%\VMS2.tmp
- C:\sus\syst.exe
- C:\sus\svcnoct.exe
- C:\sus\Bin_.zip
- %TEMP%\VMS1.tmp
- C:\sus\syst.exe
- C:\sus\svcnoct.exe
- %TEMP%\VMS2.tmp
- %TEMP%\VMS1.tmp
- 'do###scheck.com':80
- do###scheck.com/dfgfdDFJGtjfdh57RJTJytkiytTYI688uytJ/urls.php
- DNS ASK do###scheck.com
- ClassName: 'MS_WINHELP' WindowName: ''