Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '000000000001' = '%WINDIR%\ExcelWebFormDemo_1214.exe'
- '%WINDIR%\nskSetup.exe' (загружен из сети Интернет)
- '%WINDIR%\nskSetup.exe'
- '%WINDIR%\12.exe'
- '%WINDIR%\ExcelWebFormDemo_1214.exe'
- %WINDIR%\nskSetup.exe
- %WINDIR%\12.exe
- %WINDIR%\ExcelWebFormDemo_1214.exe
- 'us###.qzone.qq.com':80
- 'a-##n.co.kr':80
- http://us###.qzone.qq.com/fcg-bin/cgi_get_portrait.fcg?ui#############
- http://a-##n.co.kr/saol/nskSetup.exe
- DNS ASK us###.qzone.qq.com
- DNS ASK a-##n.co.kr
- ClassName: 'Shell_TrayWnd' WindowName: ''