Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\RTj5aVMN] 'Start' = '00000002' (значение Start = 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\RemoteAccess] 'Start' = '00000002'
- '%WINDIR%\ACC.exe'
- '%CommonProgramFiles%\ArSwp3.exe'
- '%TEMP%\QQ360SD.exe'
- '<SYSTEM32>\svchost.exe' -k imgsvc
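- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\QQЅШНјОґГьГы11.JPG (имя файла — байты GBK, показанные в кодировке Windows-1251; в исходной кодировке: «QQ截图未命名11.JPG»)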
- <SYSTEM32>\ipmgr.dll
- %WINDIR%\vbcfg.ini
- %WINDIR%\Win.ini
- <SYSTEM32>\ias\dnary.ldb
- <SYSTEM32>\ias\ias.ldb
- <SYSTEM32>\PcgF90.pic
- %TEMP%\QQ360SD.exe
- %TEMP%\QQЅШНјОґГьГы11.JPG (имя в GBK, показанное как Windows-1251; в исходной кодировке: «QQ截图未命名11.JPG»)
- %CommonProgramFiles%\ArSwp3.exe
- %WINDIR%\Factory.dll
- %WINDIR%\ACC.exe
- %WINDIR%\Factory.dll
- %WINDIR%\ACC.exe
- <SYSTEM32>\ipmgr.dll
- <SYSTEM32>\ias\ias.ldb
- %WINDIR%\vbcfg.ini
- %WINDIR%\win.ini
- <SYSTEM32>\ias\dnary.ldb
- %CommonProgramFiles%\ArSwp3.exe
- 'a1####9866.gicp.net':8000
- DNS ASK a1####9866.gicp.net
- 'localhost':1036
- 'localhost':1037
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''