Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Spool Services] 'ImagePath' = '<SYSTEM32>\spoolsvo.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Spool Services] 'Start' = '00000002'
- '<SYSTEM32>\spoolsvo.exe' 144 "<Полный путь к вирусу>"
- <SYSTEM32>\spoolsvo.exe
- <SYSTEM32>\spoolsvo.exe
- <SYSTEM32>\spoolsvo.exe
- 'sa##.##aticcling.org':7920
- DNS ASK sa##.##aticcling.org
- ClassName: 'mIRC' WindowName: ''