Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\GPlug76D51F01] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\NetBot] 'Start' = '00000002'
- %TEMP%\SqlWriter.exe
- <SYSTEM32>\cmd.exe /c %TEMP%\0AC20488.bat
- <SYSTEM32>\svchost.exe -k krnlsrvc
- %TEMP%\GPlug424677DFG.sys
- %TEMP%\0AC20488.bat
- %TEMP%\SqlWriter.exe
- %TEMP%\224718_res.tmp
- <SYSTEM32>\RgmvtcC.dll
- %TEMP%\GPlug424677DFG.sys
- %TEMP%\SqlWriter.exe
- %TEMP%\224718_res.tmp в <SYSTEM32>\RgmvtcC.dll
- 'ho##.#doconnect.com':6001
- DNS ASK ho##.#DOCONNECT.COM