Техническая информация
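Закрепление в системе — значения автозапуска в ключах реестра Run (данные показаны пустыми; фактически записываемый путь виден в командах reg.exe ниже):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MsOffice' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MicrosoftOffice' = ''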
Запускаемые команды (reg.exe записывает в Run значение типа REG_EXPAND_SZ с путём <SYSTEM32>\<Имя вируса>.exe):
- <SYSTEM32>\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MsOffice /t REG_EXPAND_SZ /d <SYSTEM32>\<Имя вируса>.exe
- <SYSTEM32>\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MicrosoftOffice /t REG_EXPAND_SZ /d <SYSTEM32>\<Имя вируса>.exe
Файловая система (вид операции с файлом на странице не указан):
- <SYSTEM32>\7B296FB0-376B-497e-B012.log
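Сетевая активность — соединения (узел:порт) и DNS-запрос; символы «##» в имени домена, по-видимому, являются маскировкой, сделанной в исходном отчёте:
- 'www.tr##joy.com':80
- 'localhost':1035
- DNS ASK www.tr##joy.com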
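Окна, к которым обращается программа (по-видимому, поиск по имени класса; среди них классы окон Internet Explorer и Mozilla; цель поиска на странице не указана):
- ClassName: 'Shell DocObject View' WindowName: ''
- ClassName: 'TabWindowClass' WindowName: ''
- ClassName: 'MozillaWindowClass' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'MozillaUIWindowClass' WindowName: 'Program Manager'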