Техническая информация
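- [<HKLM>\SYSTEM\ControlSet001\Services\Serverxxx] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы, то есть закрепление в системе через службу)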
- <SYSTEM32>\cmd.exe /c ""%TEMP%\11.bat" "
- <SYSTEM32>\cmd.exe /c ""%TEMP%\00.bat" "
- <SYSTEM32>\svchost.exe -k "Serverxxx"
- %TEMP%\00.bat
- %TEMP%\11.bat
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\yiki[1].txt
- %TEMP%\102656x.dll
- %TEMP%\RCX1.tmp
- <SYSTEM32>\win11668984c.dll
- %TEMP%\102656x.dll
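- '10#.250.2.3':80
- 10#.250.2.3/ip/yiki.txt
  (Адрес приведён с символом «#» в первом октете и в таком виде не является корректным IPv4-адресом; для правил обнаружения или блокировки полный адрес нужно брать из первоисточника.)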