Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sysiem' = '%PROGRAM_FILES%\Nrl\sysiem.exe'
- '%PROGRAM_FILES%\Nrl\sysiem.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cgi_get_portrait[1].fcg
- %PROGRAM_FILES%\Nrl\sysiem.exe
- <DRIVERS>\etc\hosts.ics
- 'ba##.#zone.qq.com':80
- 'localhost':1035
- ba##.#zone.qq.com/fcg-bin/cgi_get_portrait.fcg?ui###################
- DNS ASK ba##.#zone.qq.com