Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'updatezonestub' = '%TEMP%\backupstub.exe'
- %TEMP%\backupstub.exe
- 'ba##.#ktatos.com':80
- ba##.#ktatos.com/settings.xml
- ba##.#ktatos.com/pui.php
- DNS ASK ba##.#ktatos.com
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'