Техническая информация
- Автозапуск через реестр: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = '%WINDIR%\qq.exe'
- Файл задания планировщика: %WINDIR%\Tasks\At2.job
- Файл задания планировщика: %WINDIR%\Tasks\At1.job
- '<SYSTEM32>\at.exe' /delete /y
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\update.bat" "
- '<SYSTEM32>\at.exe' 19:32 %WINDIR%\qq.exe
- '<SYSTEM32>\at.exe' 19:31 <SYSTEM32>\check.bat
- '<SYSTEM32>\tskill.exe' ravmon
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\winupdate.bat" "
- '%WINDIR%\regedit.exe' /s <SYSTEM32>\winxp.reg
- '<SYSTEM32>\attrib.exe' +h <SYSTEM32>\ver.ini
- <SYSTEM32>\check.bat
- C:\VMPFull_Tencent.COM
- %WINDIR%\system.txt
- %WINDIR%\update.bat
- <SYSTEM32>\winupdate.bat
- %WINDIR%\qq.exe
- <SYSTEM32>\ver.ini
- C:\VMPFull_Tencent.COM
- %WINDIR%\qq.exe
- <SYSTEM32>\ver.ini
- %TEMP%\~DF2F41.tmp
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'