Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'jqs' = '%APPDATA%\AppData\jqs.exe -notray'
- '%APPDATA%\AppData\jqs.exe' -notray
- '%APPDATA%\AppData\jqs.exe'
- '%TEMP%\Installer.exe'
- '%TEMP%\RedBotPro.exe'
- '<SYSTEM32>\reg.exe' ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v jqs /t REG_SZ /d "%APPDATA%\AppData\jqs.exe -notray" /f
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\KNYCVTCV.bat" "
- '<SYSTEM32>\ipconfig.exe'
- <SYSTEM32>\ipconfig.exe
- %APPDATA%\AppData\jqs.exe
- %TEMP%\KNYCVTCV.bat
- %TEMP%\Installer.exe
- %TEMP%\RedBotPro.exe
- %TEMP%\~DFD1D.tmp
- %TEMP%\~DF4F07.tmp
- 'le##rix.org':80
- le##rix.org/tools/parser.php?us#######################################
- le##rix.org/tools/parser.php?us###########################################################################################
- DNS ASK le##rix.org
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'