Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,rr64_b.exe'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\rr64_b.exe
- 'qq####.playkar.com':80
- qq####.playkar.com/uswow/qq0597.bmp
- qq####.playkar.com/uswow/qq0597.jpg
- qq####.playkar.com/uswow/qq0597.gif
- DNS ASK www.microsoft.com
- DNS ASK qq####.playkar.com