Техническая информация
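- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Test] 'Start' = '00000002' (служба «Windows Test»; значение Start = 2 соответствует автоматическому запуску службы при загрузке системы)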
- '<SYSTEM32>\svchsot.exe' (написание «svchsot» приведено как есть: имя, по-видимому, имитирует системный svchost.exe)
- '<SYSTEM32>\SBZHW.exe'
- '%TEMP%\qq.sfx.exe' -p520 -d%HOMEPATH%\Local Settings\Temp
- '%TEMP%\qq.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.bat" "
- <SYSTEM32>\svchsot.exe
- <SYSTEM32>\SBZHW.exe
- %TEMP%\qq.exe
- %TEMP%\1.bat
- %TEMP%\qq.sfx.exe
- %TEMP%\qq.exe
- 'he###.gb868.com':8091
- DNS ASK he###.gb868.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'