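Техническая информация
Примечание: подзаголовки разделов исходного отчёта в этом фрагменте не сохранились, поэтому роль повторяющихся путей (создание, запуск, удаление файла и т. п.) по одному этому списку установить нельзя. Символы «#» в именах хостов и URL, по-видимому, являются маской, а не частью реальных адресов, а имя файла «єЖЙЩПВФШЖч» похоже на результат неверной перекодировки исходного имени; при поиске по этим индикаторам не следует рассчитывать на точное совпадение строк. Значение 'Start' = '00000002' в ключе службы соответствует автоматическому запуску службы при загрузке системы.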
- [<HKLM>\SYSTEM\ControlSet001\Services\Ghijkl Nopqrstu Wxy] 'Start' = '00000002'
- '%TEMP%\Temp\єЖЙЩПВФШЖч..exe'
- '%TEMP%\Temp\єЖЙЩПВФШЖч.exe'
- '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE' http://us##.#zone.qq.com/1632463667?pt#########
- '<SYSTEM32>\svchost.exe' -k imgsvc
- '<SYSTEM32>\svchost.exe' -k netsvcs
- '%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE' http://us##.#zone.qq.com/1176860895?pt#########
- %PROGRAM_FILES%\Lhij\Qhijklmno.bmp
- C:\Net-Temp.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\1632463667[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\1176860895[1]
- %TEMP%\Temp\єЖЙЩПВФШЖч..exe
- %TEMP%\Temp\єЖЙЩПВФШЖч.exe
- C:\NT_Path.jpg
- C:\2400000.dll
- %PROGRAM_FILES%\Lhij\Qhijklmno.bmp
- %TEMP%\Temp\єЖЙЩПВФШЖч..exe
- C:\2400000.dll
- C:\Net-Temp.ini
- C:\NT_Path.jpg
- 'us##.#zone.qq.com':80
- 'ds##########gopkdjsifjuidhgufd.f3322.org':1000
- 'localhost':1037
- 'localhost':1038
- us##.#zone.qq.com/1632463667?pt#########
- us##.#zone.qq.com/1176860895?pt#########
- DNS ASK ds##########gopkdjsifjuidhgufd.f3322.org
- DNS ASK us##.#zone.qq.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''