Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\.Net CLR] 'Start' = '00000002'
- '%TEMP%\RarSFX1\QQ5.5.exe'
- '%WINDIR%\sscqsw.exe'
- '%TEMP%\RarSFX0\Setup.exe' -pteQ1FzQsd8dS6OET
- '%TEMP%\RarSFX1\FeedBack.exe' -setup
- '<SYSTEM32>\wscript.exe' "C:\454.vbs"
- %TEMP%\RarSFX1\config.ini
- %WINDIR%\sscqsw.exe
- C:\454.vbs
- %TEMP%\RarSFX0\Setup.exe
- %TEMP%\RarSFX1\FeedBack.exe
- %TEMP%\RarSFX1\QQ5.5.exe
- C:\454.vbs
- %TEMP%\RarSFX0\Setup.exe
- %TEMP%\RarSFX1\QQ5.5.exe
- %TEMP%\RarSFX1\config.ini
- %TEMP%\RarSFX1\FeedBack.exe
- 'ja#####otao.f3322.org':3800
- DNS ASK ja#####otao.f3322.org
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'