Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{C54C2AFB-7B2A-6B3E-BA41-C20F02543019}' = ''
- <SYSTEM32>\gj2610123.exe
- <SYSTEM32>\wscript.exe "<SYSTEM32>\1.vbs"
- <SYSTEM32>\1.vbs
- <SYSTEM32>\gj2610123.exe
- %TEMP%\gjik@
- <SYSTEM32>\AeroSuite.ocx
- <SYSTEM32>\配制文件 .ini
- <SYSTEM32>\小帅.exe
- <SYSTEM32>\报警.mp3
- %TEMP%\gjik@
- <SYSTEM32>\gj2610123.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''