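Техническая информация
(Заголовки подразделов, по-видимому, потеряны при извлечении текста: ниже подряд идут записи реестра, командные строки, пути к файлам и классы окон. Повторяющиеся пути, вероятно, относились к разным подразделам.)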
Записи реестра, обеспечивающие автозапуск (ключи Run и ShellExecuteHooks):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{342BC423-3713-224D-3F55-32B35C62B1E3}' = 'xpepri.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WSVBRS' = '%WINDIR%\WSVBRS.exe'
Судя по формату (путь в кавычках и аргументы), это командные строки запускаемых процессов:
- '%TEMP%\RarSFX0\tlbb.exe'
- '%WINDIR%\WSVBRS.exe' @%TEMP%\RarSFX0\mhxy.exe@2888
- '%TEMP%\RarSFX0\mhxy.exe'
- '<SYSTEM32>\attrib.exe' "%TEMP%\RarSFX0\tlbb.exe" -r -a -s -h
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\DeleteFileDos.bat
- %WINDIR%\Explorer.EXE
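Классы окон с префиксом AVP (судя по именам, это окна уведомлений антивируса; заголовок подраздела не сохранился):
- ClassName: 'AVP.Product_Notification' WindowName: ''
- ClassName: 'AVP.AlertDialog' WindowName: ''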
- <SYSTEM32>\xpepri.dll
- <SYSTEM32>\WSVBRS.dll
- <SYSTEM32>\DeleteFileDos.bat
- <SYSTEM32>\pipini.dll
- %WINDIR%\WSVBRS.exe
- %TEMP%\RarSFX0\wmgj.exe
- %TEMP%\RarSFX0\tlbb.exe
- %TEMP%\RarSFX0\mhxy.exe
- %TEMP%\RarSFX0\wlwz.exe
- <SYSTEM32>\xpepri.dll
- %TEMP%\RarSFX0\tlbb.exe
- %TEMP%\RarSFX0\mhxy.exe
- ClassName: '' WindowName: '??????????????????' (имя окна, вероятно, искажено при перекодировке; исходные символы не восстановлены)
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''