Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Ihgyhw uasuja] 'Start' = '00000002'
- '%WINDIR%\Kwwarqd.exe'
- C:\4500.vbs
- %WINDIR%\Kwwarqd.exe
- 'ba##.#zone.qq.com':80
- ba##.#zone.qq.com/fcg-bin/cgi_get_portrait.fcg?ui########################
- DNS ASK ba##.#zone.qq.com