Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Security' = '%WINDIR%\Services.exe'
- '%WINDIR%\Services.exe'
- %WINDIR%\Services.exe
- <Текущая директория>\Server.bat
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\MSWINSCK[1].OCX
- %TEMP%\~DF8D44E45DD01AAB1F.TMP
- 'kr######e.redirectme.net':5201
- 'www.fr###ebs.com':80
- www.fr###ebs.com/yah-net-pro/MSWINSCK.OCX
- DNS ASK dn#.##ftncsi.com
- DNS ASK kr######e.redirectme.net
- DNS ASK www.fr###ebs.com