Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\rlibupdate.exe
- %APPDATA%\Microsoft\Runtime Library\rlib.exe
- %APPDATA%\Microsoft\Runtime Library\blacklist.txt
- 'www.ja###.giantice.com':80
- www.ja###.giantice.com/keylogs/app/rlibupdate.exe
- www.ja###.giantice.com/keylogs/app/blacklisted.txt
- www.ja###.giantice.com/
- DNS ASK www.ja###.giantice.com