Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sync' = '%APPDATA%\sync.exe'
- %APPDATA%\2012-04.log
- 'em#######ark.4dwebhosting.com':80
- em#######ark.4dwebhosting.com/xxc/sync.txt
- DNS ASK em#######ark.4dwebhosting.com
- ClassName: 'Shell_TrayWnd' WindowName: ''