Техническая информация
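- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'SOSO' = '{85295D6C-F6B5-497e-A896-0D1549A9F5A5}' (ключ автозапуска: COM-объекты, чьи CLSID перечислены в ShellServiceObjectDelayLoad, загружаются процессом Explorer при запуске оболочки; путь к загружаемой DLL задаётся в параметре InprocServer32 этого CLSID и на данной странице не приведён — при проверке системы его следует установить отдельно)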
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\\setup_clean.cmd"
- %WINDIR%\Explorer.EXE
- %TEMP%\setup_clean.cmd
- %PROGRAM_FILES%\Tencent\Soso.dll