Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\JinShao Ye] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '%WINDIR%\Terms.EXE' Win7
- '%WINDIR%\Terms.EXE'
- '<SYSTEM32>\wermgr.exe' "-queuereporting_svc" "C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Terms.EXE_93965d19c2515ede8fee7a12e71a486b1f578b_cab_08698729"
- '<SYSTEM32>\WScript.exe' "C:\7934.vbs"
- C:\7934.vbs
- %WINDIR%\Terms.EXE
- C:\7934.vbs
- из C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Terms.EXE_93965d19c2515ede8fee7a12e71a486b1f578b_cab_08698729\Report.wer.tmp в C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Terms.EXE_93965d19c2515ede8fee7a12e71a486b1f578b_cab_08698729\Report.wer
- DNS ASK dn#.##ftncsi.com
- DNS ASK vk.##rom.com
- ClassName: 'Shell_TrayWnd' WindowName: ''