Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}' = ''
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\_xiaran.bat" "
- <Текущая директория>\_xiaran.bat
- %ProgramFiles%\Internet Explorer\Connection Wizard\isignup.sys
- %ProgramFiles%\Internet Explorer\Connection Wizard\isignup.dll
- %ProgramFiles%\Internet Explorer\Connection Wizard\isignup.dll
- ClassName: 'ListBox' WindowName: 'qqjddDll'
- ClassName: 'ListBox' WindowName: 'qqjddExe'