Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\PowerPoint] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\PowerPoint] 'ImagePath' = 'C:\Users\Public\Documents\Tencent\Qzone\QQPhotoDrawUpdateSvrn.exe'
- QQPhotoDrawUpdateSvrn.exe
- C:\Users\Public\Documents\Tencent\Qzone\update.dat
- C:\Users\Public\Documents\Tencent\Qzone\a.bat
- C:\Users\Public\Documents\Tencent\Qzone\bitbug_favicon.ico
- C:\Users\Public\Documents\Tencent\Qzone\c.bat
- C:\Users\Public\Documents\Tencent\Qzone\curllib.dll
- C:\Users\Public\Documents\Tencent\Qzone\QQPhotoDrawUpdateSvrn.exe
- 'xx#.#3322.net':18578
- 'us###.qzone.qq.com':80
- http://us###.qzone.qq.com/fcg-bin/cgi_get_portrait.fcg?ui############
- DNS ASK xx#.#3322.net
- DNS ASK us###.qzone.qq.com
- ClassName: 'EDIT' WindowName: ''
- 'C:\Users\Public\Documents\Tencent\Qzone\QQPhotoDrawUpdateSvrn.exe'
- '<SYSTEM32>\cmd.exe' /c ""C:\Users\Public\Documents\Tencent\Qzone\a.bat" "
- '<SYSTEM32>\rundll32.exe' url.dll,OpenURLA c.bat
- '<SYSTEM32>\cmd.exe' /c "C:\Users\Public\Documents\Tencent\Qzone\c.bat "
- '<SYSTEM32>\sc.exe' create PowerPoint binPath= C:\Users\Public\Documents\Tencent\Qzone\QQPhotoDrawUpdateSvrn.exe start= auto DisplayName= PowerPoint