Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lollipop' = '%WINDIR%\loder32.exe'
- %WINDIR%\loder32.exe
- <SYSTEM32>\ping.exe 127.0.0.1 -n
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\svchost.exe
- %PROGRAM_FILES%\svchost1.exe
- %WINDIR%\loder32.exe
- %WINDIR%\loder32.exe
- 'localhost':80
- 'www.ba##u.com':80
- 12#.0.0.1/test.txt
- DNS ASK www.ba##u.com