Техническая информация
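- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"' (стандартная запись самораспаковывающегося пакета IExpress (wextract): при следующем входе в систему удаляет временный каталог распаковки; сама по себе не является механизмом закрепления в системе)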
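- [<HKLM>\SYSTEM\ControlSet001\Services\AudioSrv] 'Start' = '00000002' (значение Start = 2 задаёт автоматический запуск службы при загрузке системы; AudioSrv — имя штатной службы Windows Audio, поэтому при разборе инцидента стоит проверить, на какой исполняемый файл или библиотеку указывает конфигурация этой службы)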
- '%TEMP%\IXP000.TMP\`ЙсВлґ«Жж.exe'
- '%TEMP%\rtkljxlqjr' a -s%TEMP%\IXP000.TMP\dlq.exe
- '%TEMP%\IXP000.TMP\dlq.exe'
- %TEMP%\gqwqlvdxyl.dat
- <SYSTEM32>\51e92691.rdb
- <SYSTEM32>\bldilnsyth
- %TEMP%\IXP000.TMP\fsgpfchcc
- %TEMP%\IXP000.TMP\dlq.exe
- %TEMP%\IXP000.TMP\`ЙсВлґ«Жж.exe
- %TEMP%\rtkljxlqjr
- <SYSTEM32>\bldilnsyth
- <SYSTEM32>\config\SysEvent.Evt
- %TEMP%\rtk
- <SYSTEM32>\config\SecEvent.Evt
- %TEMP%\IXP000.TMP\dlq.exe
- %TEMP%\IXP000.TMP\fsgpfchcc
- <SYSTEM32>\config\AppEvent.Evt
- из %TEMP%\gqwqlvdxyl.dat в %ALLUSERSPROFILE%\WinRAR\%SESSIONNAME%\lvyht.xm
- из %TEMP%\rtkljxlqjr в %TEMP%\rtk
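- 'sh####k.3322.org':326 (узел и порт; символы # в именах узлов здесь и ниже, по-видимому, скрывают часть имени, поэтому точное сопоставление этих строк с журналами DNS или прокси невозможно)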
- DNS ASK qu#.#h-lb.com
- DNS ASK qu##.qh-lb.com
- DNS ASK sd##.360.cn
- DNS ASK sd###.360.cn
- DNS ASK sd##.qh-lb.com
- DNS ASK sh####k.3322.org
- DNS ASK co##.f.360.cn
- DNS ASK qu#.#.360.cn
- DNS ASK qu##.f.360.cn
- DNS ASK u.###l.f.360.cn
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'