Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SeWini32] 'ImagePath' = 'C:\system16\svwinsi32.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SeWini32] 'Start' = '00000002'
- 'C:\system16\svwinsi32.exe'
- C:\system16\svwinsi64.exe
- C:\system16\svwinsi32.exe
- 'ho#.#epp.net':80
- http://ho#.#epp.net/updates/wp-includes/js/tinymce/plugins/compat3x/css/nsOEnk.php
- DNS ASK ho#.#epp.net