Техническая информация
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'winmime' = '<SYSTEM32>\winmime.exe'
- %WINDIR%\syswow64\winmime.exe
- 'fl##dad.com':80
- '<LOCALNET>.66.52':80
- http://www.fl##dad.com/web/get_core_infov2.asp?ty########################################
- DNS ASK fl##dad.com