Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Wsqogg zwlmkwyw] 'Start' = '00000002'
- '%CommonProgramFiles%\2015110234855.exe'
- '%PROGRAM_FILES%\Microsoft Vqtotd\Muyoiwq.exe'
- '%CommonProgramFiles%\2015110234710.exe'
- '%CommonProgramFiles%\2015111142512.exe'
- '%CommonProgramFiles%\2015111142513.exe'
- '%CommonProgramFiles%\2015110234854.exe'
- '<SYSTEM32>\wscript.exe' "C:\5000.vbs"
- '<SYSTEM32>\wscript.exe' "C:\4650.vbs"
- '<SYSTEM32>\wscript.exe' "C:\1250.vbs"
- %TEMP%\E_N4\eDB.fne
- %TEMP%\E_N4\eExcel2000.fne
- %TEMP%\E_N4\spec.fne
- %TEMP%\E_N4\internet.fne
- C:\4650.vbs
- C:\5000.vbs
- %CommonProgramFiles%\2015110234710.exe
- C:\1250.vbs
- %PROGRAM_FILES%\Microsoft Vqtotd\Muyoiwq.exe
- %CommonProgramFiles%\2015110234854.exe
- %CommonProgramFiles%\2015111142512.exe
- %CommonProgramFiles%\2015111142513.exe
- %TEMP%\E_N4\iext.fnr
- %TEMP%\E_N4\EThread.fne
- %CommonProgramFiles%\2015110234855.exe
- %TEMP%\E_N4\krnln.fnr
- %PROGRAM_FILES%\Microsoft Vqtotd\Muyoiwq.exe
- C:\5000.vbs
- C:\1250.vbs
- %PROGRAM_FILES%\Microsoft Vqtotd\Muyoiwq.exe
- C:\4650.vbs
- '<IP-адрес в локальной сети>':8010
- '<IP-адрес в локальной сети>':139
- '<IP-адрес в локальной сети>':80
- 'mm###.f3322.net':8062
- '<IP-адрес в локальной сети>':445
- DNS ASK mm###.f3322.net
- ClassName: 'Shell_TrayWnd' WindowName: ''