Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\sysocmgr.exe
- %APPDATA%\Microsoft\Runtime Library\rlib.exe
- %APPDATA%\Microsoft\Runtime Library\blacklist.txt
- 'ja###.giantice.com':80
- 'wp#d':80
- ja###.giantice.com/keylogs/app/blacklisted.txt
- ja###.giantice.com/keylogs/app/rlibupdate.exe
- wp#d/wpad.dat
- ja###.giantice.com/
- DNS ASK ja###.giantice.com
- DNS ASK wp#d