Техническая информация
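- [<HKLM>\SYSTEM\ControlSet001\services\msupdate] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\services\msupdate] 'ImagePath' = '<SYSTEM32>\mssrv32.exe'
  (Значение 'Start' = 2 означает автоматический запуск службы при загрузке системы; таким образом служба «msupdate» обеспечивает автозапуск файла <SYSTEM32>\mssrv32.exe. При проверке системы стоит искать этот раздел реестра и соответствующий файл.)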
- '%TEMP%\temc013.exe'
- '%TEMP%\temC013.exe' %TEMP%\temC013.exe
- '<SYSTEM32>\wermgr.exe' -queuereporting
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\mssrv32.exe
- %TEMP%\temC013.exe
- %TEMP%\temC013.exe
- 'ka###garka.net':80
- ka###garka.net/123654/stat.php
- DNS ASK ka###garka.net