Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'QuickTime Task' = '"<Полный путь к вирусу>" -atboottime'
- %WINDIR%\oej.spn
- 'ki####lertiong.com':80
- 'ra#####weonearch.com':80
- 'ne#####descriptor.com':80
- DNS ASK ra#####weonearch.com
- DNS ASK ki####lertiong.com
- DNS ASK microsoft.com
- DNS ASK ne#####descriptor.com
- ClassName: 'Shell_TrayWnd' WindowName: ''