Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'svchost' = '%WINDIR%\svchost.exe'
- %WINDIR%\svchost.exe
- %TEMP%\E_4\eAPI.fne
- %TEMP%\E_4\iext.fnr
- %TEMP%\gbtsQzp1
- %WINDIR%\svchost.exe
- %TEMP%\E_4\shell.fne
- %TEMP%\E_4\krnln.fnr
- %TEMP%\E_4\sock.fne
- %TEMP%\E_4\EThread.fne
- %WINDIR%\svchost.exe
- %TEMP%\gbtsQzp1
- 'qq##.gnway.net':10748
- DNS ASK qq##.gnway.net
- ClassName: 'Shell_TrayWnd' WindowName: ''