Техническая информация
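Записи служб в реестре (значение 'Start' = 2 означает автоматический запуск службы при загрузке системы, то есть это признак закрепления в системе):
- [<HKLM>\SYSTEM\ControlSet001\Services\WinyHelp] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Nationaljrq] 'Start' = '00000002'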
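Файловая и процессная активность (подзаголовки групп в этом тексте отсутствуют — по-видимому, утрачены при извлечении, — поэтому одни и те же пути повторяются в нескольких группах подряд):
- %PROGRAM_FILES%\temp\win32.exe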
- <SYSTEM32>\MyyWin.exe
- <SYSTEM32>\yygeym.exe
- C:\2012.exe
- C:\win.exe
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\Deleteme.bat
- %WINDIR%\NtsCfg.ini
- %PROGRAM_FILES%\temp\win32.exe
- <SYSTEM32>\Deleteme.bat
- <SYSTEM32>\MyyWin.exe
- C:\win.exe
- C:\2012.exe
- %WINDIR%\Temp\Server.dll
- <SYSTEM32>\yygeym.exe
- %PROGRAM_FILES%\temp\win32.exe
- C:\win.exe
- C:\2012.exe
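Сетевая активность (часть имени узла заменена символами «####» в самом тексте; последняя строка — DNS-запрос этого же имени):
- 'xi####ao.gnway.net':6666
- 'xi####ao.gnway.net':8888
- DNS ASK xi####ao.gnway.net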
- ClassName: '' WindowName: 'syn'