Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\AppSsfe] 'Start' = '00000002'
- '%CommonProgramFiles%\Microsoft Shared\MSInfo\AppSafe.exe'
- '%TEMP%\AppSafe_I323100.exe'
- '%PROGRAM_FILES%\时时彩控制台\lotto_monitype.exe'
- '<SYSTEM32>\cmd.exe' /c "%CommonProgramFiles%\Microsoft Shared\MSINFO\AppSafe.bat"
- %TEMP%\AppSafe_I323100.exe
- %HOMEPATH%\Desktop\时时彩控制台.lnk
- %CommonProgramFiles%\Microsoft Shared\MSInfo\AppSafe.bat
- %CommonProgramFiles%\Microsoft Shared\MSInfo\AppSafe.exe
- %PROGRAM_FILES%\时时彩控制台\update\set.ini
- %PROGRAM_FILES%\时时彩控制台\update\beep1.wav
- %PROGRAM_FILES%\时时彩控制台\lotto_monitype.exe
- %PROGRAM_FILES%\时时彩控制台\update\type.wav
- %CommonProgramFiles%\Microsoft Shared\MSInfo\AppSafe.exe
- %TEMP%\AppSafe_I323100.exe
- 'sh####ing.1qdan.com':8010
- DNS ASK sh####ing.1qdan.com
- DNS ASK .#.
- ClassName: 'MS_WINHELP' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'