Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}' = ''
- <SYSTEM32>\cmd.exe /c ""<Текущая директория>\_xiaran.bat" "
- <Текущая директория>\_xiaran.bat
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\isignup.sys
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\isignup.dll
- %PROGRAM_FILES%\Internet Explorer\Connection Wizard\isignup.dll
- ClassName: 'ListBox' WindowName: 'qqjddDll'
- ClassName: 'ListBox' WindowName: 'qqjddExe'