Техническая информация
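- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '%WINDIR%\Fonts\QQKL\svchost.exe' (параметр Userinit задаёт программы, которые Winlogon запускает при входе пользователя; штатное значение указывает на '<SYSTEM32>\userinit.exe', здесь оно заменено файлом из каталога шрифтов)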
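- [<HKLM>\SYSTEM\ControlSet001\Services\SvcMgr] 'Start' = '00000000' (значение Start = 0 соответствует типу запуска Boot: запись загружается на самой ранней стадии старта системы)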
- '<SYSTEM32>\rundll32.exe' %WINDIR%\Fonts\QQKL\jli.dll JLI_ZeroMem
- '%WINDIR%\explorer.exe'
- <DRIVERS>\sm.sys
- %WINDIR%\Fonts\QQKL\jli.dll
- %WINDIR%\Fonts\QQKL\svchost.exe
- <DRIVERS>\sm.sys
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'