Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SPW Windows Service' = '%APPDATA%\SPW Windows Service\SPW Windows Service.exe.exe'
- %WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe
- %TEMP%\appdata1
- %APPDATA%\spw windows service\spw windows service.exe.exe
- '%WINDIR%\syswow64\rundll32.exe' <SYSTEM32>\shell32.dll,OpenAs_RunDLL %TEMP%\AppData1