Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,rr64_b.exe'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\rr64_b.exe
- 'jj###.playkar.com':80
- jj###.playkar.com/krwow/jj530.bmp
- jj###.playkar.com/krwow/jj530.jpg
- jj###.playkar.com/krwow/jj530.gif
- DNS ASK ms####.sx186.39226.cn
- DNS ASK jj###.playkar.com