Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- %HOMEPATH%\Start Menu\Programs\Startup\ComObj.lnk
- '<SYSTEM32>\regsvr32.exe' /s /n /i:"%APPDATA%\Drm\892946.dat" "%APPDATA%\Drm\16531.dll"
- '<SYSTEM32>\regsvr32.exe' /s /n /i:"$$.pdf" Project1.dll
- %APPDATA%\Drm\16531.dll
- %APPDATA%\Drm\892946.dat
- %TEMP%\IXP000.TMP\$$.pdf
- %TEMP%\IXP000.TMP\Project1.dll
- %TEMP%\IXP000.TMP\shell.dat
- %TEMP%\IXP000.TMP\Project1.dll
- %TEMP%\IXP000.TMP\shell.dat
- %TEMP%\IXP000.TMP\$$.pdf
- 'we#.##tlooksysm.net':80
- DNS ASK we#.##tlooksysm.net