Техническая информация
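- [<HKLM>\SOFTWARE\Classes\exefiles\shell\open\command] '' = '"<SYSTEM32>\taskmar.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\.exe] '' = 'exefiles'
  (Примечание: эти два значения вместе переназначают ассоциацию файлов .exe. Стандартный ProgID 'exefile' заменён на похожий 'exefiles', поэтому запуск любого исполняемого файла через оболочку проходит через '<SYSTEM32>\taskmar.exe'. При восстановлении системы значение по умолчанию для .exe нужно вернуть на 'exefile', иначе после удаления taskmar.exe программы перестанут запускаться.)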
- '%WINDIR%\Temp\2011625195335.exe'
- '%TEMP%\taskmar.exe'
- '%WINDIR%\Temp\2011625195427.exe'
- '%WINDIR%\Temp\2011625195428.exe'
- '<SYSTEM32>\taskkill.exe' /f /im QQ.exe /t
- '<SYSTEM32>\taskkill.exe' /f /im 2011625195335.exe /t
- '<SYSTEM32>\taskkill.exe' /f /im taskmar.exe /t
- '<SYSTEM32>\cmd.exe' /c %TEMP%\0.bat
- '<SYSTEM32>\cmd.exe' /c %TEMP%\unins000.bat
- '<SYSTEM32>\notepad.exe' %WINDIR%\temp\2011625195336.txt
- '<SYSTEM32>\taskmgr.exe'
- '<SYSTEM32>\taskkill.exe' /f /im ZhuDongFangYu.exe /t
- %TEMP%\taskmar.exe
- %WINDIR%\Temp\2011625195336.txt
- %TEMP%\unins000.bat
- %TEMP%\0.bat
- <SYSTEM32>\taskmar.exe
- %WINDIR%\Temp\2011625195335.exe
- %WINDIR%\Temp\2011625195428.exe
- %WINDIR%\Temp\2011625195427.exe
- %WINDIR%\V2012.exe
- <SYSTEM32>\2011625195117
- %WINDIR%\V2013.exe
- <SYSTEM32>\taskmar.exe
- %TEMP%\taskmar.exe
- %WINDIR%\Temp\2011625195335.exe
- '12#.#71.91.132':80
- ClassName: '' WindowName: 'Windows Task Manager'
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
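- ClassName: '(null)' WindowName: 'Windows ??????????' (символы после «Windows» не входят в ASCII и утрачены при извлечении текста; вероятно, это локализованный заголовок окна диспетчера задач)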