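Техническая информация
Примечание: подзаголовки разделов в списке, по-видимому, утрачены; ниже подряд идут запись автозапуска в реестре, командные строки процессов, пути файлов и класс окна. Большинство путей соответствует штатной установке Microsoft Visual C++ 2013 Redistributable (vcredist_x86.exe, MSI-пакеты, библиотеки mfc120*/msvc*120) и созданию точки восстановления системы, поэтому сами по себе они не являются надёжными индикаторами заражения; при проверке узла сверяйте цифровые подписи и контрольные суммы файлов, а не только имена и пути.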
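- Запись однократного автозапуска в реестре (RunOnce): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '{2af972c7-13b0-4978-92a8-fee26a4fb4e9}' = '"%ALLUSERSPROFILE%\Application Data\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe" /quiet /norestart /burn.log.append "%TEMP%\dd_vcredist_x86_20140327121447.log" /burn.runonce' — параметр /burn.runonce характерен для возобновления установки загрузчиком WiX Burn после перезагрузки.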
- '%TEMP%\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\.be\vcredist_x86.exe' -q -burn.elevated BurnPipe.{C0028294-7BC3-42CE-B106-19BB51BDF59C} {748C1620-97E1-40E5-B076-7997E411D7DB} 2976
- '%TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\vcredist_x86.exe' /quiet /norestart
- '<SYSTEM32>\msiexec.exe' /i "%TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\vc_runtimeAdditional_x86.msi" /qn
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\msiexec.exe' /i "%TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Minimum\vc_runtimeMinimum_x86.msi" /qn
- <Полный путь к вирусу>
- %TEMP%\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\.be\vcredist_x86.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\rp.log
- %TEMP%\dd_vcredist_x86_20140327121447.log
- %TEMP%\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\.ba1\license.rtf
- %TEMP%\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\.ba1\BootstrapperApplicationData.xml
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
- %TEMP%\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\.ba1\logo.png
- <SYSTEM32>\mfc120rus.dll
- <SYSTEM32>\mfc120u.dll
- <SYSTEM32>\mfc120kor.dll
- <SYSTEM32>\mfc120ita.dll
- <SYSTEM32>\mfc120jpn.dll
- %TEMP%\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\.ba1\thm.xml
- %TEMP%\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\.ba1\thm.wxl
- %TEMP%\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\.ba1\wixstdba.dll
- <SYSTEM32>\mfcm120.dll
- <SYSTEM32>\mfcm120u.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING.VER
- %ALLUSERSPROFILE%\Application Data\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\state.rsm
- %ALLUSERSPROFILE%\Application Data\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.BTR
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.DATA
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING1.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING2.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\$WinMgmt.CFG
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SOFTWARE
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SYSTEM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SECURITY
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_.DEFAULT
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\drivetable.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\drivetable.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\domain.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SAM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\ComDb.Dat
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120kor.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120rus.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120jpn.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120fra.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120ita.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Minimum\vc_runtimeMinimum_x86.msi
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Minimum\System\msvcp120.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfcm120u.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120u.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfcm120.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120esn.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\vcredist_x86.exe
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\vc_runtimeAdditional_x86.msi
- %TEMP%\nsd3.tmp\System.dll
- %TEMP%\nsn2.tmp
- %TEMP%\nsd3.tmp\modern-header.bmp
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120deu.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120enu.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120cht.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120chs.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Minimum\System\msvcr120.dll
- <SYSTEM32>\mfc120.dll
- <SYSTEM32>\mfc120chs.dll
- C:\Config.Msi\29a5a.rbs
- %WINDIR%\Installer\29a57.msi
- %WINDIR%\Installer\MSI7.tmp
- <SYSTEM32>\mfc120esn.dll
- <SYSTEM32>\mfc120fra.dll
- <SYSTEM32>\mfc120enu.dll
- <SYSTEM32>\mfc120cht.dll
- <SYSTEM32>\mfc120deu.dll
- %TEMP%\MSI2dedd.LOG
- %TEMP%\MSI27db2.LOG
- %WINDIR%\Installer\29a52.msi
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Minimum\System\vcomp120.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Minimum\System\vcamp120.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Minimum\System\vccorlib120.dll
- <SYSTEM32>\msvcr120.dll
- <SYSTEM32>\vcomp120.dll
- <SYSTEM32>\msvcp120.dll
- %WINDIR%\Installer\MSI4.tmp
- C:\Config.Msi\29a55.rbs
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfcm120u.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfcm120.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\vc_runtimeAdditional_x86.msi
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Minimum\System\msvcr120.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Minimum\System\msvcp120.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120jpn.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120ita.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120kor.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120u.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120rus.dll
- %TEMP%\MSI27db2.LOG
- %TEMP%\dd_vcredist_x86_20140327121447.log
- %TEMP%\MSI2dedd.LOG
- %TEMP%\nsd3.tmp\System.dll
- %TEMP%\nsd3.tmp\modern-header.bmp
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Minimum\System\vccorlib120.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Minimum\System\vcamp120.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Minimum\System\vcomp120.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\vcredist_x86.exe
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Minimum\vc_runtimeMinimum_x86.msi
- %TEMP%\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\.be\vcredist_x86.exe
- %WINDIR%\Installer\29a57.msi
- %TEMP%\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\.ba1\BootstrapperApplicationData.xml
- %TEMP%\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\.ba1\logo.png
- %TEMP%\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\.ba1\license.rtf
- C:\Config.Msi\29a55.rbs
- %WINDIR%\Installer\MSI4.tmp
- %WINDIR%\Installer\29a52.msi
- C:\Config.Msi\29a5a.rbs
- %WINDIR%\Installer\MSI7.tmp
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120deu.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120cht.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120enu.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120fra.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120esn.dll
- %TEMP%\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\.ba1\thm.xml
- %TEMP%\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\.ba1\thm.wxl
- %TEMP%\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\.ba1\wixstdba.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120chs.dll
- %TEMP%\VCRedist\VCRedist_x86\MVC+2013\12.0.21005.1\Additional\System\mfc120.dll
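- Окно (по-видимому, параметры поиска окна): ClassName: 'Shell_TrayWnd' WindowName: '(null)' — Shell_TrayWnd является классом окна панели задач Windows.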