Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Client Profile' = '%APPDATA%\Roaming\wscl.exe'
- '%APPDATA%\Roaming\wscl.exe'
- '<SYSTEM32>\wermgr.exe' -queuereporting
- %TEMP%\nszD78A.tmp
- %TEMP%\nskD99E.tmp\fYWFjUcjtEhEKSEtb.dll
- %TEMP%\nskD99E.tmp\aDmVXvJkCnMKa
- %TEMP%\nszC459.tmp\aDmVXvJkCnMKa
- %TEMP%\nsuC1D9.tmp
- %APPDATA%\Roaming\wscl.exe
- %TEMP%\nszC459.tmp\fYWFjUcjtEhEKSEtb.dll
- %TEMP%\nskD99E.tmp\aDmVXvJkCnMKa
- %TEMP%\nskD99E.tmp\fYWFjUcjtEhEKSEtb.dll
- %TEMP%\nszC459.tmp\aDmVXvJkCnMKa
- %TEMP%\nszC459.tmp\fYWFjUcjtEhEKSEtb.dll
- ClassName: 'Indicator' WindowName: '(null)'