Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\Wsiyww cacymqas] 'Start' = '00000002'
- '%PROGRAM_FILES%\Microsoft Osccmk\Vhnrpzr.exe' Win7
- '%PROGRAM_FILES%\Microsoft Osccmk\Vhnrpzr.exe'
- '<SYSTEM32>\wermgr.exe' "-queuereporting_svc" "C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Vhnrpzr.exe_7e22a2501b74b7172cf445e09053f2a72bdf8b8_cab_0a927261"
- '<SYSTEM32>\WScript.exe' "C:\9954.vbs"
- C:\9954.vbs
- %PROGRAM_FILES%\Microsoft Osccmk\Vhnrpzr.exe
- C:\9954.vbs
- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Vhnrpzr.exe_7e22a2501b74b7172cf445e09053f2a72bdf8b8_cab_0a927261\Report.wer.tmp в C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Vhnrpzr.exe_7e22a2501b74b7172cf445e09053f2a72bdf8b8_cab_0a927261\Report.wer
- '<IP-адрес в локальной сети>':52521
- 'localhost':2015
- DNS ASK dn#.##ftncsi.com
- DNS ASK us##.#zone.qq.com
- ClassName: 'Shell_TrayWnd' WindowName: ''