Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '32gete' = '<SYSTEM32>\\Microsoft Physical.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\Microsoft Physical.exe
- <SYSTEM32>\Microsoft Physical.exe
- 'po#.qq.com':110
- 'www.ba##u.com':80
- 'sm##.qq.com':25
- www.ba##u.com/
- DNS ASK po#.qq.com
- DNS ASK www.ba##u.com
- DNS ASK sm##.qq.com
- ClassName: '#32770' WindowName: 'Windows ??????????'