Техническая информация
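- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '键盘辅助程序(禁止后可能导致无法输入中文)' = '%HOMEPATH%\Templates\qyq\svhost.exe /1' (имя параметра в переводе с китайского: «Вспомогательная программа клавиатуры (после отключения ввод на китайском может стать невозможным)»; такая формулировка, по-видимому, рассчитана на то, чтобы пользователь не отключал запись автозапуска)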
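- %HOMEPATH%\Templates\qyq\svhost.exe (имя файла похоже на системный svchost.exe, но отличается написанием, а сам файл находится в профиле пользователя, а не в <SYSTEM32>)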
- <SYSTEM32>\getmac.exe
- ClassName: 'TXGuiFoundation' WindowName: '' (класс окон, используемый клиентом Tencent QQ)
- %HOMEPATH%\Local Settings\Temporary Internet Files\qy1.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\qy2.dat
- <Текущая директория>\<Имя вируса>.flv
- %HOMEPATH%\Local Settings\Temporary Internet Files\svhost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\qy2.dat в %HOMEPATH%\Templates\qyq\qy2.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\qy1.dat в %HOMEPATH%\Templates\qyq\qy1.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\svhost.exe в %HOMEPATH%\Templates\qyq\svhost.exe
- 'qy###web.com':80
- qy###web.com/rmtinst
- DNS ASK qy###web.com
- ClassName: '#32770' WindowName: '' (стандартный класс диалоговых окон Windows; сам по себе признаком заражения не является)
- ClassName: 'Indicator' WindowName: ''