Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SrvcsHndlr' = '"<SYSTEM32>\stub\svchost.exe"'
- <SYSTEM32>\stub\svchost.exe
- <SYSTEM32>\stub\config.conf
- 'ir#.##ackintel.org':6667
- DNS ASK ir#.##ackintel.org