Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Socketheader' = 'jqoglu.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- <SYSTEM32>\jqoglu.exe
- 'de####.steveballmer.biz':5190
- DNS ASK de####.steveballmer.biz