Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\MpsSvcc] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\MpsSvcc] 'ImagePath' = '%CommonProgramFiles%\svchost.exe'
- %CommonProgramFiles%\svchost.exe
- C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\Content.IE5\CJCTQ25G\lucky[1].jpg
- <Полный путь к файлу>
- 'up####.krbpool.com':80
- http://up####.krbpool.com/lucky.jpg
- DNS ASK up####.krbpool.com
- '%CommonProgramFiles%\svchost.exe'