Техническая информация
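- [<HKLM>\SYSTEM\ControlSet001\Services\NWCWorkstation] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\BthServ] 'Start' = '00000002'
  (значение 'Start' = 2 означает автоматический запуск службы при загрузке системы, то есть эти ключи обеспечивают закрепление в системе; при проверке стоит сравнить параметры этих служб с эталонной системой)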
- %ALLUSERSPROFILE%\svchost.exe
- C:\qq.exe
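- <SYSTEM32>\taskkill.exe /f /t /im RSTray.exe
  (ключи /f и /t задают принудительное завершение процесса вместе с дочерними процессами; RSTray.exe, по-видимому, относится к антивирусному продукту — следует уточнить; неожиданное завершение такого процесса является признаком для обнаружения)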
- <SYSTEM32>\cmd.exe /c c:\Copysss.bat
- %TEMP%\121250_rar.TEMP
- %TEMP%\130343_rar.TEMP
- %TEMP%\131359_rar.TEMP
- C:\qq.exe
- C:\Copysss.bat
- %ALLUSERSPROFILE%\svchost.exe
- <SYSTEM32>\NWCWorkstationUSA.dll
- %TEMP%\131359_360.temp
- C:\Copysss.bat
- %TEMP%\121234_360.temp
- %TEMP%\131359_360.temp
- C:\qq.exe
- C:\Copysss.bat
- %TEMP%\121234_360.temp
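- 'as####oll.3322.org':80
- DNS ASK as####oll.3322.org
  (символы #### в имени узла, судя по всему, скрывают часть домена в исходном описании; полное имя из этой записи восстановить нельзя)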
- ClassName: '' WindowName: ''