Техническая информация
- %TEMP%\_ir_sf7_temp_0\irsetup.exe "__IRAFN:<Полный путь к вирусу>"
- <SYSTEM32>\MSINET.OCX
- %PROGRAM_FILES%\Microsoft Office\ReadBook.exe
- %PROGRAM_FILES%\Microsoft Office\Uninstall\uninstall.xml
- <SYSTEM32>\syshost.exe
- %PROGRAM_FILES%\Microsoft Office\Uninstall\IRIMG2.JPG
- %ALLUSERSPROFILE%\Start Menu\Programs\Microsoft Office\Р¶ФШ Microsoft Office.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Microsoft Office\Microsoft Office ReadBook.lnk
- %PROGRAM_FILES%\Microsoft Office\Uninstall\IRIMG1.JPG
- %TEMP%\_ir_sf7_temp_0\IRIMG1.JPG
- %TEMP%\_ir_sf7_temp_0\IRIMG2.JPG
- %TEMP%\_ir_sf7_temp_0\irsetup.exe
- %TEMP%\_ir_sf7_temp_0\irsetup.dat
- %PROGRAM_FILES%\Microsoft Office\Uninstall\uninstall.dat
- %WINDIR%\Microsoft Office\uninstall.exe
- %WINDIR%\Microsoft Office Setup Log.txt
- %PROGRAM_FILES%\Microsoft Office\Uninstall\uni1.tmp
- %PROGRAM_FILES%\Microsoft Office\Uninstall\uni1.tmp
- %TEMP%\_ir_sf7_temp_0\irsetup.dat
- ClassName: 'Shell_TrayWnd' WindowName: ''