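Техническая информация
(Заголовки разделов в этой копии отчёта, по-видимому, не сохранились. По содержанию записи ниже относятся к параметрам автозапуска в реестре, запускаемым процессам, файлам в <SYSTEM32>, сетевым обращениям и окнам, заданным классом и именем.)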
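- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MsOffice' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MicrosoftOffice' = ''
  (Примечание: значения здесь показаны пустыми (''), однако приведённые ниже команды reg.exe записывают в эти же параметры путь <SYSTEM32>\<Имя вируса>.exe с типом REG_EXPAND_SZ.)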
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\reg.exe' ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MsOffice /t REG_EXPAND_SZ /d <SYSTEM32>\<Имя вируса>.exe
- '<SYSTEM32>\reg.exe' ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MicrosoftOffice /t REG_EXPAND_SZ /d <SYSTEM32>\<Имя вируса>.exe
- <SYSTEM32>\7B296FB0-376B-497e-B012.log
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- 'www.tr##joy.com':80
- 'localhost':1038
- DNS ASK www.tr##joy.com
- ClassName: 'Shell DocObject View' WindowName: ''
- ClassName: 'TabWindowClass' WindowName: ''
- ClassName: 'MozillaWindowClass' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'MozillaUIWindowClass' WindowName: '<Служебное имя>'