Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinWZSys' = '%WINDIR%\835389CQWZ.exe'
- %WINDIR%\835389CQWZ.exe
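- %TEMP%\ґ«НвЙсРР.exe (имя файла показано в искажённой кодировке: байты GBK прочитаны как Windows-1251; исходное имя, по-видимому, «传外神行.exe» — при поиске по индикаторам стоит учитывать оба варианта)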
- %TEMP%\mir.exe
- %WINDIR%\Explorer.EXE
- %TEMP%\E_4\ESSLayer.fne
- %TEMP%\E_4\vclbase.fne
- %TEMP%\E_4\internet.fne
- %TEMP%\E_4\dp1.fne
- %TEMP%\E_4\com.run
- %TEMP%\E_4\downlib.fne
- %TEMP%\E_4\spec.fne
- %TEMP%\E_4\iext2.fne
- %TEMP%\E_4\krnln.fnr
- %TEMP%\ґ«НвЙсРР.exe (имя в искажённой кодировке: GBK, прочитанная как Windows-1251; по-видимому, «传外神行.exe»)
- %TEMP%\mir.exe
- %TEMP%\E_4\EAPI.fne
- %TEMP%\E_4\iext.fnr
- %WINDIR%\835389CQWZ.exe
- %TEMP%\E_4\shell.fne
- %WINDIR%\835389CQWZ.exe
- %TEMP%\mir.exe
- 'www.xi###ishen.cn':8080
- 'localhost':1036
- DNS ASK www.xi###ishen.cn
- ClassName: 'Shell_TrayWnd' WindowName: ''