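Техническая информация
(Заголовки подразделов в этом фрагменте не сохранились. Судя по содержимому, ниже по порядку идут: запись в реестре, запускаемые процессы, создаваемые и удаляемые файлы, сетевое подключение и искомое окно. Границы между списками следует сверить с исходным отчётом.)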
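- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '<SYSTEM32>\qcseor.exe' (параметр 'load' в этом ключе задаёт программу, запускаемую при входе пользователя в систему, то есть запись обеспечивает автозапуск)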
- '<SYSTEM32>\qcseor.exe'
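- '%TEMP%\DnfДЪІї.exe' (имя, по-видимому, искажено перекодировкой: байты, показанные в CP1251 как «ДЪІї», в GBK читаются как «内部», то есть в системе с китайской локалью файл может называться «Dnf内部.exe»)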
- '%TEMP%\050.exe'
- '<SYSTEM32>\cmd.exe' /c "050.exe_And DeleteMe.bat"
- %WINDIR%\yozge.exe
- %TEMP%\3954c.tmp
- %TEMP%\3b643.tmp
- %TEMP%\3ad3a.tmp
- %WINDIR%\dz.dat
- %TEMP%\DnfДЪІї.exe (имя, по-видимому, искажено перекодировкой GBK → CP1251; вероятный исходный вид: «Dnf内部.exe»)
- %TEMP%\050.exe
- %TEMP%\050.exe_And DeleteMe.bat
- <SYSTEM32>\qcseor.exe
- %TEMP%\3ad3a.tmp
- %TEMP%\3b643.tmp
- %TEMP%\050.exe
- %TEMP%\3954c.tmp
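- '11#.#45.148.175':898 (адрес записан с символами «#», то есть, по-видимому, частично скрыт в отчёте; в таком виде он не является полным сетевым индикатором)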
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'