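Техническая информация
Ниже без подзаголовков перечислены индикаторы: изменение реестра, исполняемые файлы и командные строки запускаемых процессов, пути файлов, сетевые подключения, URL, DNS-запросы и класс окна. Символы «#» в именах узлов, по-видимому, являются маскировкой, присутствующей в исходном тексте; такие значения неполны и не подходят для точного сопоставления.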
- [<HKLM>\SOFTWARE\Classes\Applications\uninstall.exe\shell\open\command] '' = '%WINDIR%\uninstall.exe "%1" %*'
- %WINDIR%\uninstall.exe
- %WINDIR%\inf\inner.exe
- <SYSTEM32>\cmd.exe /c %PROGRAM_FILES%\userpic\qr.bat
- <SYSTEM32>\wscript.exe qr.vbe
- <SYSTEM32>\wscript.exe %WINDIR%\up.vbe
- <SYSTEM32>\ping.exe 127.0.0.1 -n 1
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\scrrun.dll
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\wshom.ocx
- <SYSTEM32>\cmd.exe /c %WINDIR%\copy.bat
- %WINDIR%\up.vbe
- %WINDIR%\qr.txt
- %PROGRAM_FILES%\userpic\qr.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\CAPSSJD1.asp
- %PROGRAM_FILES%\userpic\sogoupyupdate.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\001[1].jpg
- %WINDIR%\uninstall.exe
- %WINDIR%\inf\inner.exe
- %PROGRAM_FILES%\userpic\qr.VBE
- %PROGRAM_FILES%\userpic\qr.TXT
- %WINDIR%\copy.bat
- %TEMP%\~DFBECF.tmp
- %PROGRAM_FILES%\userpic\qr.VBE
- %WINDIR%\qr.txt
- %TEMP%\~DF135.tmp
- %PROGRAM_FILES%\userpic\qr.TXT
- 'localhost':1038
- 'cn####5.chinaw3.com':80
- 'localhost':1035
- '24##.pqpq.net':80
- 24##.pqpq.net/soft/001.jpg
- DNS ASK cn####5.chinaw3.com
- DNS ASK 24##.pqpq.net
- ClassName: 'Shell_TrayWnd' WindowName: ''