Техническая информация
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '%WINDIR%\svchost.exe'
- %TEMP%\crc.exe
- %TEMP%\bot.exe
- %WINDIR%\svchost.exe
- %WINDIR%\tmplist.tmp
- %WINDIR%\svchost.exe
- 'ke##s.ru':80
- http://ke##s.ru/config.cfg
- DNS ASK ke##s.ru
- '%TEMP%\crc.exe'
- '%TEMP%\bot.exe'
- '%WINDIR%\svchost.exe'