Техническая информация
- Автозапуск (ключ реестра Run): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'QQLVEI' = '%PROGRAM_FILES%\QQBYUw.exe'
- '%PROGRAM_FILES%\QQBYUw.exe'
- '<SYSTEM32>\rundll32.exe' dfdts.dll,DfdGetDefaultPolicyAndSMART
- '<SYSTEM32>\PING.EXE' -n 2 127.0.0.1
- %PROGRAM_FILES%\htrn_jis.tmp
- %PROGRAM_FILES%\htrn_jis.dll
- %PROGRAM_FILES%\QQBYUw.exebnb
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\j[1].jpg
- %PROGRAM_FILES%\htrn_jis.tmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\j[1].jpg
- из %PROGRAM_FILES%\QQBYUw.exebnb в %PROGRAM_FILES%\QQBYUw.exe
- '20##.#bunion.com':5214
- 'u.###255.com':80
- u.###255.com/image/j.jpg
- DNS ASK dn#.##ftncsi.com
- DNS ASK 20##.#bunion.com
- DNS ASK u.###255.com
- ClassName: '' WindowName: ''