Техническая информация
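- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'spoolsv' = '<SYSTEM32>\spoolsv\spoolsv.exe -printer' (запись автозапуска в ключе Run; путь ведёт в подкаталог <SYSTEM32>\spoolsv\, тогда как штатный диспетчер печати Windows находится в <SYSTEM32>\spoolsv.exe)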
- <SYSTEM32>\spoolsv\spoolsv.exe -printer
- <SYSTEM32>\1116\ntjdo\gjo.wye
- %TEMP%\4F62D437.y9r
- <SYSTEM32>\1116\ntjdo\ntjcn.emm
- <SYSTEM32>\1116\tqppmtw\tqppmtw.fyf
- <SYSTEM32>\1116\ntjdo\plugins\ctf.emm
- <SYSTEM32>\msicn\plugins\bse.dll
- <SYSTEM32>\32F77AC0.094
- <SYSTEM32>\guid.vxd
- <SYSTEM32>\msicn\msibm.dll
- <SYSTEM32>\spoolsv\spoolsv.exe
- <SYSTEM32>\msicn\fin.vxd
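- DNS ASK li#####ate.ourxin.com (символ # недопустим в именах узлов — по-видимому, часть имени домена скрыта в источнике, поэтому строку нельзя использовать как точный индикатор)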
- ClassName: 'fi1e update class' WindowName: 'Updating system fi1e,please wait...' (в «fi1e» стоит цифра 1, а не буква l; при поиске по строкам использовать именно такое написание)