Техническая информация
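- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"' (однократная запись самораспаковывающегося пакета IExpress/wextract для удаления временного каталога %TEMP%\IXP000.TMP; такую же запись создают и легитимные установщики, поэтому сама по себе она не служит признаком заражения)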
- %WINDIR%\Tasks\At2.job
- %WINDIR%\Tasks\At1.job
- '%TEMP%\IXP000.TMP\setup.exe' cXedYDKK 05 0 5 2 DXSETUP Pcrash1 UsingTheGPS17 msgbldui PICPARADISE17 SPLUME3 APX52240 STU5318E messeBump
- '<SYSTEM32>\at.exe' 15:05 <SYSTEM32>\cmd.exe /c del /F /Q "<Полный путь к вирусу>" (исходный файл удаляется отложенно, заданием планировщика на 15:05)
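- '<SYSTEM32>\at.exe' 14:01 /every:Th "<SYSTEM32>\poweercfg.exe" (еженедельное задание планировщика, по четвергам в 14:01; имя poweercfg.exe с удвоенной «e» имитирует системную утилиту powercfg.exe, поэтому при поиске важно точное написание)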
- <SYSTEM32>\c_285991.nls
- <SYSTEM32>\c_12522.nls
- <SYSTEM32>\c_7755.nls
- <SYSTEM32>\brrowsewm.dll
- <SYSTEM32>\mqqcertui.dll
- <SYSTEM32>\c__861.nls
- <SYSTEM32>\c_200905.nls
- <SYSTEM32>\poweercfg.exe
- <SYSTEM32>\dppvvox.dll
- <SYSTEM32>\1004\inf1004.dat
- %TEMP%\IXP000.TMP\UsingTheGPS17
- %TEMP%\IXP000.TMP\msgbldui
- %TEMP%\IXP000.TMP\Pcrash1
- %TEMP%\IXP000.TMP\setup.exe
- %TEMP%\IXP000.TMP\DXSETUP
- %TEMP%\IXP000.TMP\STU5318E
- %TEMP%\IXP000.TMP\messeBump
- %TEMP%\IXP000.TMP\APX52240
- %TEMP%\IXP000.TMP\PICPARADISE17
- %TEMP%\IXP000.TMP\SPLUME3
- %TEMP%\IXP000.TMP\setup.exe
- %TEMP%\IXP000.TMP\DXSETUP
- %TEMP%\IXP000.TMP\Pcrash1
- %WINDIR%\Tasks\At2.job
- %TEMP%\IXP000.TMP\setup.exe.dll.dll
- %TEMP%\IXP000.TMP\setup.exe.dll
- %TEMP%\IXP000.TMP\UsingTheGPS17
- %TEMP%\IXP000.TMP\APX52240
- %TEMP%\IXP000.TMP\STU5318E
- %TEMP%\IXP000.TMP\messeBump
- %TEMP%\IXP000.TMP\msgbldui
- %TEMP%\IXP000.TMP\PICPARADISE17
- %TEMP%\IXP000.TMP\SPLUME3