Техническая информация
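- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'run' = 'c:\splmgpbqp\start.lnk' (автозапуск через значение 'run' в реестре текущего пользователя)
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\start.lnk (ярлык в папке автозагрузки, общей для всех пользователей)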
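- 'C:\splmgpbqp\csrss.exe' "c:\splmgpbqp\mydll.dll",InitSkin (csrss.exe здесь запускается из C:\splmgpbqp, а не из <SYSTEM32>, то есть только носит имя системного процесса; судя по командной строке, ему передаются mydll.dll и имя экспорта InitSkin)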
- C:\splmgpbqp\start.lnk
- C:\splmgpbqp\csrss.exe
- C:\splmgpbqp\mydll.dll
- <SYSTEM32>\PerfStringBackup.TMP
- 'any':8086
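- 'v2.#6yf.com':8086 (символы '#' здесь и в адресах ниже, по-видимому, маскируют часть значения, поэтому сопоставлять эти строки с журналами как точные индикаторы нельзя)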
- 'us##.#zone.qq.com':80
- '17#.#39.224.56':805
- '17#.#39.224.57':3202
- us##.#zone.qq.com/2838067011
- DNS ASK v2.#6yf.com
- DNS ASK us##.#zone.qq.com