Техническая информация
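- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 ""%TEMP%\IXP000.TMP\""' (запись реестра; значение 'wextract_cleanup0' с вызовом advpack.dll,DelNodeRunDLL32 — штатная очистка временного каталога самораспаковывающегося архива IExpress при следующем входе в систему; сама по себе эта запись не обеспечивает автозапуск вредоносного кода и встречается также у легитимных установщиков)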
- <SYSTEM32>\netshh.exe "<SYSTEM32>\c__860.nls"
- <SYSTEM32>\at.exe 20:04 <SYSTEM32>\cmd.exe /c del /F /Q ""%TEMP%\ remove.exe""
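- <SYSTEM32>\at.exe 19:32 /every:Th "<SYSTEM32>\netshh.exe" (задание планировщика: еженедельный запуск netshh.exe по четвергам в 19:32; при проверке системы следует просмотреть и удалить соответствующее запланированное задание)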
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\mmcbaase.dll"
- <SYSTEM32>\netshh.exe (имя файла имитирует системную утилиту netsh.exe и отличается от неё одной лишней буквой)
- <SYSTEM32>\c_100010.nls
- %TEMP%\IXP000.TMP\onmove
- <SYSTEM32>\c__860.nls
- <SYSTEM32>\2037\inf2037.dat
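- <SYSTEM32>\mmcbaase.dll (имя похоже на системную библиотеку mmcbase.dll; выше эта DLL регистрируется через regsvr32.exe с ключом /s, то есть без вывода сообщений)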
- <SYSTEM32>\c_0337.nls
- %TEMP%\IXP000.TMP\setup.exe
- %TEMP%\ remove.exe
- %TEMP%\ Keygen.exe
- %TEMP%\IXP000.TMP\lgdriver32
- %TEMP%\IXP000.TMP\CRASHNAVLEGEND
- %TEMP%\IXP000.TMP\wsetlocl
- %TEMP%\IXP000.TMP\handsafe
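(Примечание: строки ниже повторяют уже перечисленные файлы из %TEMP%\IXP000.TMP; заголовок этой группы в тексте не сохранился — вероятно, это отдельный список, например удаляемых файлов.)
- %TEMP%\IXP000.TMP\handsafe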
- %TEMP%\IXP000.TMP\lgdriver32
- %TEMP%\IXP000.TMP\setup.exe
- %TEMP%\IXP000.TMP\onmove
- %TEMP%\IXP000.TMP\CRASHNAVLEGEND
- %TEMP%\IXP000.TMP\wsetlocl
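- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows; какое действие выполняется с этим окном, в тексте не указано)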