Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'rdshost' = '{AD1BAF59-1BDC-4D72-8513-D31E46B0AF19}'
- <SYSTEM32>\ctfmon.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\system32.dll
- %WINDIR%\Flash_Game.zip
- 'ir#.##edetested.com':6667
- DNS ASK ir#.##edetested.com