Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Microsoft.Corporation] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
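- %WINDIR%\svchost.exe -nogui (штатный svchost.exe Windows находится в <SYSTEM32>; одноимённый файл непосредственно в %WINDIR% — признак маскировки под системный процесс)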
- %WINDIR%\svchost.exe -service
- %ALLUSERSPROFILE%\Application Data\AMMYY\Svch0st.exe -nogui
- <SYSTEM32>\sc.exe start Microsoft.Corporation
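- <SYSTEM32>\sc.exe create Microsoft.Corporation binPath= "%WINDIR%\svchost.exe -service" DisplayName= "Microsoft Comporation" start= auto (написание «Comporation» приведено как в образце; при поиске службы по отображаемому имени используйте именно его)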
- <SYSTEM32>\cmd.exe /c "%ALLUSERSPROFILE%\Application Data\AMMYY\services.bat"
- %ALLUSERSPROFILE%\Application Data\AMMYY\Svch0st.log
- %ALLUSERSPROFILE%\Application Data\AMMYY\hr3
- %WINDIR%\svchost.log
- %WINDIR%\svchost.exe
- %ALLUSERSPROFILE%\Application Data\AMMYY\Svch0st.exe
- %ALLUSERSPROFILE%\Application Data\AMMYY\settings3.bin
- %ALLUSERSPROFILE%\Application Data\AMMYY\hr
- %ALLUSERSPROFILE%\Application Data\AMMYY\Services.bat
- %ALLUSERSPROFILE%\Application Data\AMMYY\Svch0st.log
- %ALLUSERSPROFILE%\Application Data\AMMYY\Svch0st.exe
- 'cl#####kish2.netne.net':80
- 'rl.##myy.com':80
- cl#####kish2.netne.net/index.php?ac#######################################################################################################
- rl.##myy.com/
- DNS ASK cl#####kish2.netne.net
- DNS ASK rl.##myy.com
- ClassName: '0' WindowName: '0'