Техническая информация
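- [<HKLM>\SOFTWARE\Classes\lnkfile\shell\open\command] '' = '"%PROGRAM_FILES%\Tencent\QQ\Bin\TXOC.exe" "%1"' (значение по умолчанию команды открытия для класса lnkfile: при таком значении открытие любого ярлыка .lnk запускает TXOC.exe, которому путь к ярлыку передаётся как аргумент "%1")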
- '%PROGRAM_FILES%\TTPlayer\TPlayer.exe'
- '%WINDIR%\1012.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\KL13L.vbs"
- '%WINDIR%\regedit.exe' /s "%TEMP%\PKTIJ.reg"
- '<SYSTEM32>\wscript.exe' "%WINDIR%\start110.vbs"
- '<SYSTEM32>\mshta.exe' "%WINDIR%\8007.hta"
- %TEMP%\PKTIJ.reg
- %PROGRAM_FILES%\Tencent\QQ\Bin\TXOC.exe
- %PROGRAM_FILES%\TTPlayer\Config.ini
- %TEMP%\KL13L.vbs
- <SYSTEM32>\Factory.dll
- %WINDIR%\1012.exe
- %WINDIR%\start110.vbs
- %PROGRAM_FILES%\TTPlayer\TPlayer.exe
- %WINDIR%\8007.hta
- %PROGRAM_FILES%\TTPlayer\TPlayer.exe
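- 'ip#.#etodo.com':8754 (символы «#» в именах узлов, по-видимому, заменяют скрытые знаки; в таком виде записи не являются полными доменными именами)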
- 'qq#.##aicache.com':8081
- 'ip.##todo.com':8754
- 'pp#.##aicache.com':8081
- DNS ASK ip#.#etodo.com
- DNS ASK qq#.##aicache.com
- DNS ASK ip.##todo.com
- DNS ASK pp#.##aicache.com
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'