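Техническая информация
Список приведён без подзаголовков разделов. По содержанию строк в нём перечислены: запись автозапуска в ключе реестра Run, указывающая на %WINDIR%\qq.exe; файлы заданий планировщика At1.job и At2.job; командные строки запускаемых процессов (at.exe, tskill.exe, regedit.exe, cmd.exe); пути к файлам в %WINDIR%, <SYSTEM32> и %TEMP% (из списка не видно, созданы эти файлы или удалены); имя класса окна (вероятно, окно, которое ищет программа). Для справки: `at.exe /delete /y` удаляет все задания планировщика без подтверждения, `regedit.exe /s` импортирует .reg-файл без вывода диалогов, `tskill.exe ravmon` завершает процесс с именем ravmon.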
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = '%WINDIR%\qq.exe'
- %WINDIR%\Tasks\At2.job
- %WINDIR%\Tasks\At1.job
- <SYSTEM32>\at.exe /delete /y
- <SYSTEM32>\at.exe 15:55 <SYSTEM32>\check.bat
- <SYSTEM32>\at.exe 15:56 %WINDIR%\qq.exe
- <SYSTEM32>\tskill.exe ravmon
- %WINDIR%\regedit.exe /s %WINDIR%\winxp.reg
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\update.bat" "
- %WINDIR%\update.bat
- %WINDIR%\system.txt
- <SYSTEM32>\check.bat
- %WINDIR%\qq.exe
- %TEMP%\~DF41B4.tmp
- ClassName: 'RegEdit_RegEdit' WindowName: ''