Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winhelp.exe' = '%APPDATA%\alFSVWJB\winhelp.exe' (запись в ключе Run обеспечивает автозапуск файла при входе пользователя в систему)
- '%APPDATA%\alFSVWJB\winhelp.exe' <Полный путь к вирусу>
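- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\sysdm.cpl,NoExecuteProcessException %APPDATA%\alFSVWJB\winhelp.exe (вызов sysdm.cpl,NoExecuteProcessException добавляет указанный файл в список исключений DEP — предотвращения выполнения данных)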
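- '<SYSTEM32>\dumprep.exe' 2924 -dm 7 7 %TEMP%\WERa815.dir00\winhelp.exe.hdmp 16325836412027096
- '<SYSTEM32>\dumprep.exe' 2924 -dm 7 7 %TEMP%\WERa815.dir00\winhelp.exe.mdmp 16325836412027076 (dumprep.exe — штатный компонент отчётов об ошибках Windows; судя по этим запускам, процесс winhelp.exe аварийно завершился, поэтому файлы в %TEMP%\WERa815.dir00, по-видимому, являются артефактами сбоя, и их имена не стоит использовать как индикаторы компрометации)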
- %TEMP%\WERa815.dir00\appcompat.txt
- %TEMP%\WERa815.dir00\manifest.txt
- %TEMP%\WERa815.dir00\winhelp.exe.hdmp
- %APPDATA%\alFSVWJB\winhelp.exe
- %TEMP%\WERa815.dir00\winhelp.exe.mdmp
- %APPDATA%\alFSVWJB\winhelp.exe
- ClassName: 'Shell_TrayWnd' WindowName: '' (окно с классом Shell_TrayWnd — панель задач Windows)