Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'QJTN Agent' = '<SYSTEM32>\YHF\QJTN.exe'
- '%HOMEPATH%\Local Settings\Tempinstall.exe' Settings\Tempinstall.exe
- '<SYSTEM32>\YHF\QJTN.exe'
- '%HOMEPATH%\Local Settings\Tempsetup.exe' Settings\Tempsetup.exe
- '%TEMP%\irsetup.exe'
- Handler library for all processes: <SYSTEM32>\YHF\QJTN.006
- %TEMP%\irsetup.ini
- %TEMP%\@3.tmp
- %TEMP%\IRIMG6.BMP
- %TEMP%\IRIMG4.BMP
- %TEMP%\IRIMG5.BMP
- <SYSTEM32>\YHF\QJTN.007
- <SYSTEM32>\YHF\QJTN.exe
- <SYSTEM32>\YHF\QJTN.006
- %TEMP%\@4.tmp
- <SYSTEM32>\YHF\QJTN.001
- %HOMEPATH%\Local Settings\Tempinstall.exe
- %TEMP%\irsetup.exe
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %HOMEPATH%\Local Settings\Tempsetup.exe
- %TEMP%\IRIMG2.BMP
- %TEMP%\IRIMG3.BMP
- %TEMP%\IRIMG1.BMP
- %TEMP%\irsetup.dat
- %TEMP%\suf6lng.9
- %TEMP%\@3.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- ClassName: '(null)' WindowName: 'AKLMW'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'