Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\EwentLog] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\EwentLog] 'ImagePath' = '%WINDIR%\system\svchost.exe'
- %WINDIR%\system\svchost.exe
- '99##y.cn':80
- http://www.99##y.cn/Der/Der.txt via 99##y.cn
- DNS ASK www.99##y.cn
- '%WINDIR%\system\svchost.exe'