Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\64to32] 'Start' = '00000002'
- '<SYSTEM32>\svchost.exe' -k netsvcs
- <SYSTEM32>\Windowsxp.ini
- <SYSTEM32>\Windowsxp32.ini
- <SYSTEM32>\64to32.dll
- 'ki##.swe6hg.com':80
- 'yo#.#we6hg.com':80
- ki##.swe6hg.com/main/main1018.txt
- yo#.#we6hg.com/main/m1018.txt
- DNS ASK ki##.swe6hg.com
- DNS ASK yo#.#we6hg.com