Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'qsave.exe' = '%HOMEPATH%\Local Settings\qsave.exe xps'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'qsave.exe' = '%HOMEPATH%\Local Settings\qsave.exe xps'
- '%HOMEPATH%\Local Settings\qsave.exe' xps
- %HOMEPATH%\Temp\install.php
- %HOMEPATH%\Temp\__mdf_
- %HOMEPATH%\Temp\check.php
- %PROGRAM_FILES%\Temp\mos.bak
- %TEMP%\_sti_
- %HOMEPATH%\Temp\rotby.bak
- %HOMEPATH%\rotby.bak
- %TEMP%\nsj2.tmp
- %HOMEPATH%\Local Settings\qsave.exe
- %HOMEPATH%\Temp\__rbs__
- %HOMEPATH%\Local Settings\msiop.exe
- %HOMEPATH%\rotby.bak
- %HOMEPATH%\Temp\check.php
- %HOMEPATH%\Temp\install.php
- %PROGRAM_FILES%\Temp\mos.bak
- %TEMP%\_sti_
- %HOMEPATH%\Temp\__rbs__
- %HOMEPATH%\Local Settings\msiop.exe
- %HOMEPATH%\Temp\__mdf_
- %HOMEPATH%\rotby.bak
- из %HOMEPATH%\Temp\rotby.bak в %HOMEPATH%\rotby.bak
- 'www.dz##a.com':80
- 'up####.dzpia.com':80
- www.dz##a.com/clock5/check.php?ma###################
- up####.dzpia.com/clock5//msiop.exe
- up####.dzpia.com/clock5//rotby.bak
- www.dz##a.com/clock5/install.php?ma###################
- DNS ASK www.dz##a.com
- DNS ASK up####.dzpia.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'