Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'WinUpdaterstd' = '%WINDIR%\WinUpdaterstd\svchost.exe'
- %WINDIR%\WinUpdaterstd\svchost.exe
- '30####ahdhot.com':80
- http://30####ahdhot.com/gb/getcmd.php?id####################
- DNS ASK 30####ahdhot.com