Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Svc_System0] 'Start' = '00000002'
- 'C:\sus\syst.exe'
- 'C:\sus\svcnoct.exe' -service
- 'C:\sus\svcnoct.exe'
- %TEMP%\VMS2.tmp
- C:\sus\syst.exe
- C:\sus\svcnoct.exe
- C:\sus\Bin_.zip
- %TEMP%\VMS1.tmp
- C:\sus\syst.exe
- C:\sus\svcnoct.exe
- %TEMP%\VMS2.tmp
- %TEMP%\VMS1.tmp
- 'si###hrswbr.net':80
- si###hrswbr.net/wb/urls.php
- DNS ASK si###hrswbr.net
- ClassName: 'MS_WINHELP' WindowName: '(null)'