Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'a74a781624e3044cbc19a7e63cf047e7' = '%APPDATA%\a74a781624e3044cbc19a7e63cf047e7\a74a781624e3044cbc19a7e63cf047e7.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'Load' = '%APPDATA%\Update\Updater.exe.lnk ' (значение оканчивается пробелом, как и в команде reg.exe ниже)
- '%HOMEPATH%\AppData\Roaming\tmp.exe'
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 304
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "%APPDATA%\Update\Updater.exe.lnk " /f
- %TEMP%\2C6FF.dmp
- %APPDATA%\a74a781624e3044cbc19a7e63cf047e7\a74a781624e3044cbc19a7e63cf047e7.exe
- %APPDATA%\a74a781624e3044cbc19a7e63cf047e7\m.exe
- %TEMP%\dw.log
- %HOMEPATH%\AppData\Roaming\Update\Updater.exe.lnk
- %HOMEPATH%\AppData\Roaming\tmp.exe
- %HOMEPATH%\AppData\Roaming\svhost.exe (имя похоже на системный svchost.exe, но отличается от него)
- из %APPDATA%\a74a781624e3044cbc19a7e63cf047e7\m.exe в %APPDATA%\a74a781624e3044cbc19a7e63cf047e7\updater.exe
- ClassName: 'Shell_TrayWnd' WindowName: ''