Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\4DW4R3] 'start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\4DW4R3] 'ImagePath' = '<DRIVERS>\4DW4R3.sys'
- <SYSTEM32>\spoolsv.exe
- <DRIVERS>\4DW4R3.sys
- <SYSTEM32>\spool\prtprocs\w32x86\1.tmp
- 'wpad.localdomain':80
- 'tr###exfund.com':80
- wpad.localdomain/wpad.dat
- tr###exfund.com/allbots_private_stat/cmd.php?id############################################
- DNS ASK wpad.localdomain
- DNS ASK tr###exfund.com