Техническая информация
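Регистрирует службу Windows с автоматическим запуском (значение 'Start' = 2); исполняемый файл службы указан в 'ImagePath':
- [<HKLM>\SYSTEM\ControlSet001\Services\Mnopqr Tuvwxyab Def] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Mnopqr Tuvwxyab Def] 'ImagePath' = '<SYSTEM32>\ccuwco.exe'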
- %WINDIR%\Fonts\QQ.exe
- <SYSTEM32>\ccuwco.exe
- %WINDIR%\Fonts\QQ.exe
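Сетевые адреса и порты (символы «#», по всей видимости, скрывают часть исходного значения, поэтому записи не подходят для точного сопоставления; адреса в зоне qq.com относятся к общедоступному сервису и сами по себе не указывают на заражение):
- 'he##.##eampowered.com':443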
- 'xu#.##login2.qq.com':80
- 'lo######t.ptlogin2.qq.com':4300
- '11#.#9.73.60':1999
- 'lo######t.ptlogin2.qq.com':4301
- 'lo######t.ptlogin2.qq.com':4302
- 'lo######t.ptlogin2.qq.com':4303
- 'lo######t.ptlogin2.qq.com':4304
- 'lo######t.ptlogin2.qq.com':4305
- 'lo######t.ptlogin2.qq.com':4306
- 'lo######t.ptlogin2.qq.com':4307
- 'lo######t.ptlogin2.qq.com':4308
- 'lo######t.ptlogin2.qq.com':4309
- http://xu#.##login2.qq.com/cgi-bin/xlogin?pr#####################################################################################################################################################...
- DNS ASK he##.##eampowered.com
- DNS ASK xu#.##login2.qq.com
- DNS ASK lo######t.ptlogin2.qq.com
- '%WINDIR%\Fonts\QQ.exe'
- '<SYSTEM32>\ccuwco.exe'
Удаляет файл %WINDIR%\Fonts\QQ.exe через командный интерпретатор, подавляя вывод команды:
- '<SYSTEM32>\cmd.exe' /c del %WINDIR%\Fonts\QQ.exe > nul