Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'RegistryMonitor1' = '<SYSTEM32>\qtplugin.exe'
- <SYSTEM32>\qtplugin.exe
- 'ip#####ig-option.com':80
- 'ip####equest.com':80
- '21#.#5.32.68':80
- '67.##5.160.76':25
- '21#.#0.112.176':80
- '21#.#0.127.133':80
- 'ho##ail.com':25
- ip#####ig-option.com/stat1.php
- 21#.#5.32.68/stat2.php
- 21#.#5.32.68/stat1.php
- ip####equest.com/stat1.php
- 21#.#0.127.133/
- 21#.#0.112.176/
- ip####equest.com/stat2.php
- ip#####ig-option.com/stat2.php
- DNS ASK Ip#####ig-Option.com
- DNS ASK Ip####equest.com
- DNS ASK ho##ail.com
- DNS ASK f.##.#ail.yahoo.com
- ClassName: 'Shell_TrayWnd' WindowName: ''