Technical information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '<Full path to the virus>'
- %TEMP%\slc2.tmp
- %TEMP%\slc1.tmp