Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\BITS] 'Start' = '00000002'
- <SYSTEM32>\qmgr.dll файлом %TEMP%\release.tmp
- <SYSTEM32>\sc.exe config cryptsvc start= disabled
- <SYSTEM32>\sc.exe delete cryptsvc
- <SYSTEM32>\net1.exe stop cryptsvc
- <SYSTEM32>\net.exe stop cryptsvc
- <SYSTEM32>\svchost.exe -k netsvcs
- %TEMP%\release.tmp
- %TEMP%\INSTALL.DAT
- <SYSTEM32>\INSTALL.DAT
- <SYSTEM32>\qmgr.dll
- 'qq#####9868.3322.org':8080
- DNS ASK qq#####9868.3322.org
- ClassName: '' WindowName: 'Windows ????'