Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\GhostGGojq] 'Start' = '00000002'
- C:\qqlives.scr /S
- <SYSTEM32>\svchost.exe -k netsvcs
- %TEMP%\wi148218nd.temp
- %WINDIR%\95599.ini
- %TEMP%\wi145625nd.temp
- C:\qqlives.scr
- %WINDIR%\95599.ini
- '66###2.3322.org':852
- DNS ASK 66###2.3322.org
- ClassName: 'Shell_TrayWnd' WindowName: ''