Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\64to32] 'Start' = '00000002'
- '<SYSTEM32>\svchost.exe' -k netsvcs
- <SYSTEM32>\Windowsxp.ini
- <SYSTEM32>\Windowsxp32.ini
- <SYSTEM32>\64to32.dll
- 'ad####s.tyyt7.com':80
- 'pa##.#rtyr55.com':80
- ad####s.tyyt7.com/main/main0906.txt
- pa##.#rtyr55.com/main/m0906.txt
- DNS ASK ad####s.tyyt7.com
- DNS ASK pa##.#rtyr55.com