Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- '%TEMP%\IXP000.TMP\QUICKTIMEINSTALLER.EXE'
- '%TEMP%\IXP000.TMP\rundii32.exe'
- %TEMP%\~vis0000\DeutschLicense.txt
- %TEMP%\~vis0000\SpanishLicense.txt
- %TEMP%\~vis0000\ItalianLicense.txt
- %TEMP%\~vis0000\Panel.bmp
- %TEMP%\~vis0000\LicenseLanguageStrs.ini
- %TEMP%\~vis0000\EnglishLicense.txt
- %TEMP%\~vis0000\NederlandsLicense.txt
- %TEMP%\~vis0000\QTExtCode.dll
- %TEMP%\~vis0000\QuickTime1.reg
- %TEMP%\~vis0000\QuickTime2.reg
- %TEMP%\~vis0000\SvenskLicense.txt
- %TEMP%\~vis0000\FrenchLicense.txt
- %TEMP%\~vis0000\JapaneseLicense.txt
- %TEMP%\php2.tmp
- %TEMP%\php3.tmp
- %TEMP%\~vis0000\vise32ex.dll
- %TEMP%\IXP000.TMP\rundii32.exe
- %TEMP%\IXP000.TMP\QUICKTIMEINSTALLER.EXE
- %TEMP%\php1.tmp
- %TEMP%\~vis0000\English.vlg
- %TEMP%\~vis0000\uninst32.exe
- %TEMP%\~vis0000\default.bmp
- %TEMP%\~vis0000\welcome.bmp
- %TEMP%\~vis0000\tcpip32.dll
- %TEMP%\~vis0000\miscdata.xyz
- %TEMP%\~vis0000\rebootnt.exe
- %TEMP%\~vis0000\miscdata.xyz
- 'vc##ats.com':80
- vc##ats.com/url.php
- DNS ASK vc##ats.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'