Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'RegistryMonitor1' = '<SYSTEM32>\qtplugin.exe'
- <SYSTEM32>\qtplugin.exe
- '67.##5.160.76':25
- '89.##9.241.174':80
- 'localhost':80
- '89.##9.242.0':80
- '89.##9.244.123':80
- 'ho##ail.com':25
- localhost/stat2.php
- 89.##9.241.174/stat1.php
- localhost/stat1.php
- 89.##9.242.0/
- 89.##9.244.123/
- 89.##9.241.174/stat2.php
- DNS ASK f.##.#ail.yahoo.com
- DNS ASK ho##ail.com
- ClassName: 'Shell_TrayWnd' WindowName: ''