Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\Wssuao yweqsgas] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\System\CurrentControlSet\Services\Wssuao yweqsgas] 'ImagePath' = '%WINDIR%\Ymrdzbk.exe'
- %WINDIR%\ymrdzbk.exe
- %PROGRAMDATA%\microsoft\windows\wer\reportqueue\appcrash_ymrdzbk.exe_be3ed6324987bbed64302484e3453f6749a3d7db_cab_073c2750\report.wer.tmp
- из %PROGRAMDATA%\microsoft\windows\wer\reportqueue\appcrash_ymrdzbk.exe_be3ed6324987bbed64302484e3453f6749a3d7db_cab_073c2750\report.wer.tmp в %PROGRAMDATA%\microsoft\windows\wer\reportqueue\appcrash_ymrdzbk.exe_be3ed6324987bbed64302484e3453f6749a3d7db_cab_073c2750\report.wer
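- '11#.#04.185.141':2014 (адрес приведён с маской: часть цифр заменена символом '#', поэтому как индикатор он применим только вместе с портом 2014 и остальными признаками)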
- ClassName: 'CTXOPConntion_Class' WindowName: ''
- '%WINDIR%\ymrdzbk.exe'
- '%WINDIR%\ymrdzbk.exe' Win7
- '<SYSTEM32>\wermgr.exe' "-queuereporting_svc" "%PROGRAMDATA%\Microsoft\Windows\WER\ReportQueue\AppCrash_Ymrdzbk.exe_be3ed6324987bbed64302484e3453f6749a3d7db_cab_073c2750"' (со скрытым окном)
- '<SYSTEM32>\wermgr.exe' "-queuereporting_svc" "%PROGRAMDATA%\Microsoft\Windows\WER\ReportQueue\AppCrash_Ymrdzbk.exe_be3ed6324987bbed64302484e3453f6749a3d7db_cab_073c2750"