Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'blue' = '%WINDIR%\blue.scr'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{78D7AE4F-8497-8DE4-DCC5-FACD884EF20D}] 'StubPath' = '%WINDIR%\blue.scr'
- %WINDIR%\Explorer.EXE
- %WINDIR%\blue.scr
- 'a.####ouisme.co.cc':80
- DNS ASK a.####ouisme.co.cc