Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\SRDSLFT] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\SRDSLFT] 'ImagePath' = '%WINDIR%\mqueqa.exe'
- 'SRDSLFT' %WINDIR%\mqueqa.exe
- %TEMP%\svchost.exe
- %TEMP%\ry�ڲ�����.exe
- %WINDIR%\mqueqa.exe
- %TEMP%\svchost.exe в %WINDIR%\syswow64\936396.bak
- 'ww#.#anzoub.com':443
- 'ww#.#anzouw.com':443
- 'ya####ekao.3322.org':8001
- 'de#####er.lanzoug.com':443
- 'microsoft.com':80
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- 'ww#.#anzoub.com':443
- 'ww#.#anzouw.com':443
- 'ya####ekao.3322.org':8001
- 'de#####er.lanzoug.com':443
- DNS ASK ww#.#anzoub.com
- DNS ASK ww#.#anzouw.com
- DNS ASK c.###exmr.biz
- DNS ASK ya####ekao.3322.org
- DNS ASK de#####er.lanzoug.com
- DNS ASK microsoft.com
- '%TEMP%\svchost.exe'
- '%TEMP%\ry�ڲ�����.exe'
- '%WINDIR%\mqueqa.exe'
- '%WINDIR%\mqueqa.exe' Win7