Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\YodaoDict] 'Start' = '00000002'
- %PROGRAM_FILES%\Youdao\YodaoDict.exe (загружен из сети Интернет)
- <SYSTEM32>\sc.exe create YodaoDict binPath= "%PROGRAM_FILES%\Youdao\YodaoDict.exe" type= own start= auto
- %PROGRAM_FILES%\Youdao\0001d6e2.exe
- '1b###.##ient-get-data.com':80
- 1b###.##ient-get-data.com/update/a11.exe
- DNS ASK 1b###.##ient-get-data.com