Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'QuitAll' = '<Текущая директория>\QuitAll.exe'
- <Текущая директория>\QuitAll.exe
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://va####g.tistory.com/entry/QuitAll
- <SYSTEM32>\powercfg.exe -SETDCVALUEINDEX SCHEME_BALANCED SUB_NONE CONSOLELOCK 0
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\cfile23.uf@12386B364E44F52D07FD01[1].exe
- %WINDIR%\qumr.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\QuitAll[1]
- <Текущая директория>\QuitAll.exe
- %WINDIR%\QuitAll.dat
- C:\caexp.txt
- %WINDIR%\QuitAll.dat
- 'localhost':1038
- 'va####g.tistory.com':80
- va####g.tistory.com/entry/QuitAll
- va####g.tistory.com/attachment/cfile23.uf@12386B364E44F52D07FD01.exe
- DNS ASK va####g.tistory.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''