Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\dahjService] 'ImagePath' = '%ALLUSERSPROFILE%\Application Data\dahjService\dahjService.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\dahjService] 'Start' = '00000002'
- %ALLUSERSPROFILE%\Application Data\dahjService\dahjService.exe
- %ProgramFiles%\1
- %ProgramFiles%\1
- %ProgramFiles%\1
- 'lu##rto.ru':80
- http://lu##rto.ru/debug.php?id################################
- DNS ASK lu##rto.ru
- '%ALLUSERSPROFILE%\Application Data\dahjService\dahjService.exe'