Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Socks4' = 'socks4.exe'
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\socks4.exe
- 'wh####oy.whyi.org':80
- wh####oy.whyi.org/Log.php?PT#####
- DNS ASK wh####oy.whyi.org