Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\Svc_Sistems] 'Start' = '00000002'
- C:\sis\csrss..exe
- C:\sis\explore.exe -service
- C:\sis\explore.exe
- %TEMP%\VMS2.tmp
- C:\sis\explore.exe
- C:\sis\csrss..exe
- C:\sis\Bin_.zip
- %TEMP%\VMS1.tmp
- C:\sis\csrss..exe
- C:\sis\explore.exe
- C:\sis\Bin_.zip
- %TEMP%\VMS2.tmp
- %TEMP%\VMS1.tmp
- 'so###orload.com':80
- so###orload.com/od/accounts.php
- so###orload.com/od/proxy.txt
- so###orload.com/od/config.txt
- DNS ASK so###orload.com