Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\TrkSves] 'Start' = '00000002'
- '<SYSTEM32>\dllcache\svchoes.exe'
- '<SYSTEM32>\mdrsvcs.exe'
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\Deleteme.bat
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\Deleteme.bat
- <SYSTEM32>\dllcache\svchoes.exe
- <SYSTEM32>\mdrsvcs.exe
- '16###.oicp.net':8099
- DNS ASK 16###.oicp.net