Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'systeo' = '<SYSTEM32>\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 't9L15jRf' = 'rundll32.exe C:\Z3N5F1\t9L15jRf.dll,CreateMe'
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\rundll32.exe' C:\Z3N5F1\t9L15jRf.dll,CreateMe
- <SYSTEM32>\svchost.exe
- C:\Z3N5F1\t9L15jRf.dll
- 'r.###ne.qq.com':80
- 'localhost':1039
- http://r.###ne.qq.com/cgi-bin/user/cgi_personal_card?ui###################
- DNS ASK r.###ne.qq.com