Техническая информация
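- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinDirectSocket32' = '%WINDIR%\WDS32.exe' (ключ Run: автозапуск при входе любого пользователя)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WinDirectSocket32' = '%WINDIR%\WDS32.exe' (ключ Run: автозапуск при входе текущего пользователя)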
- %WINDIR%\WDS32.tmp
- %WINDIR%\WDS32.tmp в %WINDIR%\WDS32.exe (файл переименовывается из .tmp в .exe; ту же операцию выполняет команда rename в конце списка)
- %WINDIR%\WDS32.tmp
- 'ir#.##eenode.net':6667 (часть имени узла скрыта символами «#»; порт 6667 обычно используется для IRC)
- DNS ASK www.google.com
- DNS ASK ir#.##eenode.net
- '<SYSTEM32>\cmd.exe' /c rename "%WINDIR%\WDS32.tmp" WDS32.exe