Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Firewall Serviceп] 'Start' = '00000002'
- %WINDIR%\svchost.exe
- <SYSTEM32>\cmd.exe /c ""<Текущая директория>\copy.bat" "
- %WINDIR%\svchost.exe
- <Текущая директория>\copy.bat
- 'up####.fuckthefeds.net':6697
- DNS ASK up####.fuckthefeds.net
- ClassName: 'mIRC' WindowName: ''