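Техническая информация
(Символы «#» в доменных именах и IP-адресах ниже, по-видимому, заменяют символы, скрытые источником; использовать эти значения как точные индикаторы нельзя.)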
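Автозапуск — параметр в ключе реестра Run (запуск при входе в систему):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'RegistryMonitor1' = '<SYSTEM32>\qtplugin.exe'
Файл, на который указывает этот параметр:
- <SYSTEM32>\qtplugin.exe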
Сетевые адреса (узел:порт):
- 'ip###error.com':80
- '96.#.139.213':80
- 'ip####igmode.com':80
- '89.##9.244.140':80
- '89.##9.244.6':80
- 'ho##ail.com':25 (порт 25 — стандартный порт SMTP)
Запрашиваемые адреса (URL) на узлах с портом 80 из списка выше:
- ip###error.com/stat1.php
- ip####igmode.com/stat1.php
- ip####igmode.com/stat2.php
- 96.#.139.213/stat1.php
- 89.##9.244.6/
- 89.##9.244.140/
- 96.#.139.213/stat2.php
- ip###error.com/stat2.php
DNS-запросы:
- DNS ASK Ip####igMode.com
- DNS ASK Ip###Error.com
- DNS ASK ho##ail.com
- DNS ASK f.##.#ail.yahoo.com