Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Svc_System0] 'Start' = '00000002'
- 'C:\sus\syst.exe'
- 'C:\sus\svcnoct.exe' -service
- 'C:\sus\svcnoct.exe'
- %TEMP%\VMS2.tmp
- C:\sus\syst.exe
- C:\sus\svcnoct.exe
- C:\sus\Bin_.zip
- %TEMP%\VMS1.tmp
- C:\sus\syst.exe
- C:\sus\svcnoct.exe
- %TEMP%\VMS2.tmp
- %TEMP%\VMS1.tmp
- 'os##rka.ru':80
- os##rka.ru/script/urls.php
- DNS ASK os##rka.ru
- ClassName: 'MS_WINHELP' WindowName: '(null)'