Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'dudu' = '%WINDIR%\service.EXE'
- %WINDIR%\service.EXE
- C:\low.txt
- %WINDIR%\service.EXE
- 'ir#.#bjects.com':6667
- 'www.ko##s.com':80
- www.ko##s.com/img_categorie/button.php
- DNS ASK www.ko##s.com
- DNS ASK ir#.#bjects.com
- ClassName: 'Shell_TrayWnd' WindowName: ''