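Техническая информация

Индикаторы ниже приведены без подзаголовков разделов (по-видимому, они утрачены при извлечении текста): сначала запись автозапуска в реестре, затем запускаемые команды, затем пути файлов; повторяющиеся в конце списка пути %TEMP%\IXP000.TMP\ предположительно относятся к отдельному перечню (например, удаляемых файлов). Запись 'wextract_cleanup0' в RunOnce и каталог IXP000.TMP создаёт любой самораспаковывающийся пакет IExpress (wextract), поэтому сами по себе они не указывают на заражение. Для обнаружения надёжнее опираться на файл rundll322.exe в <SYSTEM32> (штатный файл Windows называется rundll32.exe), на задания at.exe и на тихую регистрацию confmspp.dll через regsvr32 /s.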
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 ""%TEMP%\IXP000.TMP\""'
- <SYSTEM32>\rundll322.exe "<SYSTEM32>\c_220127.nls"
- <SYSTEM32>\at.exe 15:20 <SYSTEM32>\cmd.exe /c del /F /Q ""%TEMP%\ remove.exe""
- <SYSTEM32>\at.exe 14:46 /every:M "<SYSTEM32>\rundll322.exe"
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\confmspp.dll"
- <SYSTEM32>\rundll322.exe
- <SYSTEM32>\c_100779.nls
- %TEMP%\IXP000.TMP\onmove
- <SYSTEM32>\c_220127.nls
- <SYSTEM32>\3001\inf3001.dat
- <SYSTEM32>\confmspp.dll
- <SYSTEM32>\c_288593.nls
- %TEMP%\IXP000.TMP\setup.exe
- %TEMP%\ remove.exe
- %TEMP%\ Launcher.exe
- %TEMP%\IXP000.TMP\lgdriver32
- %TEMP%\IXP000.TMP\CRASHNAVLEGEND
- %TEMP%\IXP000.TMP\wsetlocl
- %TEMP%\IXP000.TMP\handsafe
- %TEMP%\IXP000.TMP\handsafe
- %TEMP%\IXP000.TMP\lgdriver32
- %TEMP%\IXP000.TMP\setup.exe
- %TEMP%\IXP000.TMP\onmove
- %TEMP%\IXP000.TMP\CRASHNAVLEGEND
- %TEMP%\IXP000.TMP\wsetlocl