Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ':\Program Files\Common Files\svchtst.exe 20121023171254.exe' = '%CommonProgramFiles%\svchtst.exe 20121023171254.exe'
- %CommonProgramFiles%\svchtst.exe 20121023171254.exe
- %TEMP%\IXP000.TMP\C_PAQ_~1.EXE
- C:\417.exe
- C:\C_PAQ_3.5.exe
- <SYSTEM32>\taskkill.exe /f /im Ksafetray.exe
- %TEMP%\IXP000.TMP\C_PAQ_~1.EXE
- %TEMP%\IXP000.TMP\server.exe
- C:\417.exe
- C:\C_PAQ_3.5.exe
- C:\C_PAQ_3.5.exe
- C:\417.exe
- C:\417.exe в %CommonProgramFiles%\svchtst.exe 20121023171254.exe
- 'xx#####1983.gicp.net':9000
- DNS ASK xx#####1983.gicp.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''