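Техническая информация

Примечание: заголовки разделов в этом фрагменте отсутствуют. Судя по содержимому, записи идут в таком порядке: параметры реестра двух служб (значение 'Start' = 2 соответствует автоматическому запуску при загрузке системы); команды sc.exe, регистрирующие файлы .bin как службы-драйверы режима ядра (type= kernel) с автозапуском; пути к файлам; сетевые узлы, запросы к ним и DNS-запросы; поиск окна по имени класса. Три последних пути к файлам повторяют более ранние записи; какое действие над ними выполнялось, из фрагмента не видно. Символы '#' в именах узлов и в URL, по-видимому, заменяют скрытую часть адреса, поэтому такие строки нельзя использовать как точные индикаторы без восстановления по исходному отчёту.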
- [<HKLM>\SYSTEM\ControlSet001\Services\dqqjqn] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\lijhpp] 'Start' = '00000002'
- '<SYSTEM32>\sc.exe' stop lijhpp
- '<SYSTEM32>\sc.exe' create dqqjqn type= kernel start= auto binpath= "%ALLUSERSPROFILE%\Application Data\WQIUYQT\dqqjqn.bin"
- '<SYSTEM32>\sc.exe' start lijhpp
- '<SYSTEM32>\sc.exe' create lijhpp type= kernel binpath= "%ALLUSERSPROFILE%\Application Data\WQIUYQT\lijhpp.bin" start= auto
- '<SYSTEM32>\sc.exe' stop null
- %WINDIR%\srchasst\qp5450.lex
- %WINDIR%\msapps\gi4419.nfo
- %WINDIR%\Temp\{f24862f2-55ad-4b80-00ab-0696d97929ff}
- %ALLUSERSPROFILE%\Application Data\WQIUYQT\dqqjqn.bin
- %WINDIR%\inf\izk8496
- %TEMP%\1.tmp
- %ALLUSERSPROFILE%\Application Data\WQIUYQT\sqs8870.tlb
- %WINDIR%\srchasst\et8474.lex
- %ALLUSERSPROFILE%\Application Data\WQIUYQT\lijhpp.bin
- %TEMP%\1.tmp
- %ALLUSERSPROFILE%\Application Data\WQIUYQT\dqqjqn.bin
- %ALLUSERSPROFILE%\Application Data\WQIUYQT\lijhpp.bin
- 'rp.##q88.com':80
- 'rp##.21civ.com':80
- rp.##q88.com/rp.php?om###################################################################################
- rp##.21civ.com/az.php?st######################################################
- DNS ASK www.ba##u.com
- DNS ASK rp.##q88.com
- DNS ASK rp##.21civ.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'