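Техническая информация

Примечание: заголовки подразделов в этом фрагменте не сохранились. Судя по содержимому, ниже по порядку перечислены изменения в реестре, запущенные процессы, файлы (один и тот же набор приведён дважды — по-видимому, как созданные и затем удалённые) и окна, которые ищет образец. Это предположение следует сверить с исходным отчётом. Сдвоенные кавычки в значениях реестра, вероятно, являются артефактом экранирования при экспорте.

Для обнаружения: записи RunOnce «wextract_cleanupN» с вызовом advpack.dll,DelNodeRunDLL32 для каталога IXP00N.TMP оставляет любой самораспаковывающийся пакет IExpress (wextract). Запуск ntvdm.exe, файлы scsN.tmp и окна «ntvdm-…», как правило, сопровождают выполнение 16-разрядных программ в целом. Поэтому сами по себе эти признаки неспецифичны и как самостоятельные индикаторы дадут ложные срабатывания. Наиболее характерны для данного образца имена Nashy1.exe и Nashy3.exe и путь jI82l\PCGWIN32.LI5; имя каталога, возможно, меняется от образца к образцу.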
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup1' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 ""%TEMP%\IXP001.TMP\""'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 ""%TEMP%\IXP000.TMP\""'
- <SYSTEM32>\ntvdm.exe -f -i3
- <SYSTEM32>\ntvdm.exe -f -i4
- <SYSTEM32>\ntvdm.exe -f -i1
- <SYSTEM32>\ntvdm.exe -f -i2
- %WINDIR%\Temp\scs5.tmp
- %WINDIR%\Temp\scs4.tmp
- %WINDIR%\Temp\scs6.tmp
- %WINDIR%\Temp\scs8.tmp
- %WINDIR%\Temp\scs7.tmp
- %WINDIR%\Temp\scs3.tmp
- %ALLUSERSPROFILE%\Application Data\jI82l\PCGWIN32.LI5
- %TEMP%\IXP000.TMP\Nashy3.exe
- %TEMP%\IXP001.TMP\Nashy1.exe
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- %ALLUSERSPROFILE%\Application Data\jI82l\PCGWIN32.LI5
- %WINDIR%\Temp\scs6.tmp
- %WINDIR%\Temp\scs5.tmp
- %WINDIR%\Temp\scs7.tmp
- %TEMP%\IXP000.TMP\Nashy3.exe
- %WINDIR%\Temp\scs8.tmp
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs3.tmp
- %TEMP%\IXP001.TMP\Nashy1.exe
- %WINDIR%\Temp\scs4.tmp
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b74.b78.3c0001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b8c.b90.3d0001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b14.b18.3b0001'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-afc.b00.3a0001'