Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'RegistryMonitor1' = '<SYSTEM32>\qtplugin.exe'
- <SYSTEM32>\qtplugin.exe
- 'mo####ipconfig.com':80
- 'ip####atabase.com':80
- '89.##9.254.182':80
- '67.##5.160.76':25
- '21#.#0.112.29':80
- '89.##9.243.193':80
- 'ho##ail.com':25
- mo####ipconfig.com/stat1.php
- 89.##9.254.182/stat2.php
- 89.##9.254.182/stat1.php
- ip####atabase.com/stat1.php
- 89.##9.243.193/
- 21#.#0.112.29/
- ip####atabase.com/stat2.php
- mo####ipconfig.com/stat2.php
- DNS ASK Mo####IpConfig.com
- DNS ASK Ip####atabase.com
- DNS ASK ho##ail.com
- DNS ASK f.##.#ail.yahoo.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'