Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'QQ.exe' = '%WINDIR%\QQ.exe'
- '%WINDIR%\QQ.exe' "nohint"
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1609' = '00000000'
- %WINDIR%\QQ.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\server1101C[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\server1101C[1].php
- 'ww##.#sfbi1101.info':80
- ww##.#sfbi1101.info/p1101C/server1101C.php?us###################################
- DNS ASK ww##.#sfbi1101.info
- ClassName: 'MS_WINHELP' WindowName: '(null)'
- ClassName: 'ThunderRT6FormDC' WindowName: 'Form1'