Техническая информация
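- [<HKLM>\SYSTEM\ControlSet001\Services\Acpmqu waigya] 'Start' = '00000002' (значение Start = 2 означает автоматический запуск службы при загрузке системы, то есть это механизм закрепления в системе)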
- '%PROGRAM_FILES%\Ruyusr rbrmy\QQprotects.EXE'
- '<SYSTEM32>\wscript.exe' "C:\2524.vbs"
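- %TEMP%\WER70d0.dir00\QQprotects.EXE.hdmp
- %TEMP%\WER70d0.dir00\appcompat.txt
- %TEMP%\WER70d0.dir00\manifest.txt
- %TEMP%\WER70d0.dir00\QQprotects.EXE.mdmp
  (судя по именам, файлы в каталоге WER70d0.dir00 — это служебные файлы отчёта Windows Error Reporting о сбое QQprotects.EXE, а не компоненты самой программы; как индикаторы компрометации они малоинформативны)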
- %PROGRAM_FILES%\Ruyusr rbrmy\QQprotects.EXE
- C:\2524.vbs
- %PROGRAM_FILES%\Ruyusr rbrmy\QQprotects.EXE-up.txt
- C:\2524.vbs
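- DNS ASK la###.f3322.org (часть имени узла в источнике скрыта символами ###; f3322.org — домен сервиса динамического DNS, поэтому IP-адрес узла может меняться, и при обнаружении надёжнее опираться на DNS-запросы к этому домену, чем на конкретный адрес)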