Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Iddues uaysga] 'Start' = '00000002'
- '%WINDIR%\Kwooeqk.exe'
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\888888[1]
- %WINDIR%\Kwooeqk.exe
- 'localhost':1042
- 'us##.#zone.qq.com':80
- 's0#.##ntongtec.com':0
- '<IP-адрес в локальной сети>':6825
- us##.#zone.qq.com/888888
- DNS ASK us##.#zone.qq.com
- DNS ASK s0#.##ntongtec.com