Техническая информация
- Автозапуск через ключ реестра Run: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Sub7' = '%APPDATA%\sub7\host.exe'
- '%APPDATA%\sub7\host.exe' "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
- '%HOMEPATH%\x6y266e681435d\dwm.com' WTmqH.QKV
- '<SYSTEM32>\msdtc.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shell32.dll,OpenAs_RunDLL %HOMEPATH%\x6y266e681435d\102036658-Edmundson.pdf
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- %HOMEPATH%\x6y266e681435d\102036658-Edmundson.pdf
- %TEMP%\~a21524.log
- %APPDATA%\sub7\host.exe
- %HOMEPATH%\x6y266e681435d\qffafBapvU.PQB
- %HOMEPATH%\x6y266e681435d\QOYk.OUI
- %HOMEPATH%\x6y266e681435d\dwm.com
- %HOMEPATH%\x6y266e681435d\WTmqH.QKV
- %HOMEPATH%\x6y266e681435d\WTmqH.QKV
- %HOMEPATH%\x6y266e681435d\qffafBapvU.PQB
- %HOMEPATH%\x6y266e681435d\QOYk.OUI
- %HOMEPATH%\x6y266e681435d\dwm.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'