Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Audio Manager' = '<SYSTEM32>\wam.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Audio Manager' = '<SYSTEM32>\wam.exe'
- '%TEMP%\wkv.exe' /stext %APPDATA%\wkey.dat
- '<SYSTEM32>\schtasks.exe' /delete /tn "Windows Audio Manager" /f
- %TEMP%\tmp32218\file3.dat
- %TEMP%\aut5.tmp
- %TEMP%\tmp32218\file2.dat
- %TEMP%\aut6.tmp
- %TEMP%\tmp32218\RCX7.tmp
- %TEMP%\tmp32218\TempLauncher.exe
- %TEMP%\tmp32218\file4.dat
- <SYSTEM32>\wam.exe
- %TEMP%\wkv.exe
- %TEMP%\aut1.tmp
- <SYSTEM32>\RCX2.tmp
- %TEMP%\aut4.tmp
- %TEMP%\tmp32218\file1.dat
- %TEMP%\aut3.tmp
- %TEMP%\aut5.tmp
- %TEMP%\aut6.tmp
- %TEMP%\wkv.exe
- %TEMP%\aut4.tmp
- %TEMP%\aut1.tmp
- <SYSTEM32>\wam.exe
- %TEMP%\aut3.tmp
- из <SYSTEM32>\RCX2.tmp в <SYSTEM32>\wam.exe
- ClassName: 'Indicator' WindowName: ''