Техническая информация
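- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\Userinit.exe,%APPDATA%\InstallShield\Tmp\QQUpdateA1.bat' (закрепление в системе: к штатному пути Userinit.exe в параметре Userinit дописан путь к QQUpdateA1.bat, поэтому Winlogon запускает этот файл при каждом входе пользователя; при проверке узла любое дополнение к пути Userinit.exe в этом параметре следует считать подозрительным)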
- '%WINDIR%\regedit.exe' /s "%APPDATA%\InstallShield\Tmp\QQUpdateA.reg"
- '<SYSTEM32>\cmd.exe' /c "%APPDATA%\InstallShield\Tmp\QQUpdateA3.bat"
- '<SYSTEM32>\userinit.exe'
- <SYSTEM32>\userinit.exe
- %APPDATA%\InstallShield\Tmp\QQUpdateA3.int
- %APPDATA%\InstallShield\Tmp\QQUpdateA1.int
- %APPDATA%\InstallShield\Tmp\QQUpdateA2.int
- %APPDATA%\InstallShield\Tmp\QQUpdateA.int
- %APPDATA%\InstallShield\Tmp\QQUpdateA.exe
- %APPDATA%\InstallShield\Tmp\QQUpdateA1.dll
- %APPDATA%\InstallShield\Tmp\QQUpdateA2.dll
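Записи вида «X в Y» ниже, по-видимому, означают переименование или перемещение файла X в Y; конечные имена QQUpdateA1.bat, QQUpdateA.reg и QQUpdateA3.bat совпадают с файлами, указанными выше в параметре Userinit и в командных строках regedit.exe и cmd.exe:
- %APPDATA%\InstallShield\Tmp\QQUpdateA1.int в %APPDATA%\InstallShield\Tmp\QQUpdateA1.bat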
- %APPDATA%\InstallShield\Tmp\QQUpdateA2.int в %APPDATA%\InstallShield\Tmp\QQUpdateA2.bat
- %APPDATA%\InstallShield\Tmp\QQUpdateA.int в %APPDATA%\InstallShield\Tmp\QQUpdateA.reg
- %APPDATA%\InstallShield\Tmp\QQUpdateA3.int в %APPDATA%\InstallShield\Tmp\QQUpdateA3.bat
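- 'zi###c.3322.org':17999 (часть доменного имени скрыта символами ### в самом отчёте; 3322.org — служба динамического DNS, IP-адрес за таким именем может меняться, поэтому для обнаружения надёжнее опираться на DNS-запросы к этому имени и исходящие соединения на порт 17999, чем на конкретный адрес)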
- DNS ASK zi###c.3322.org
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'
- ClassName: 'MS_WINHELP' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'