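Техническая информация
Ниже перечислены следы активности в системе: запись в ключе реестра RunOnce, файл задания планировщика, командные строки запускаемых процессов и пути к файлам. Какое действие (создание, запуск, удаление) относится к каждой записи, в списке не указано. Имена ряда файлов в <SYSTEM32> похожи на имена штатных системных файлов, но содержат одну удвоенную букву или цифру (например, gpresullt.exe, cfgmgr322.dll, hall.dll).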
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- %WINDIR%\Tasks\At1.job
- '%TEMP%\_MountainTrap.exe'
- '%TEMP%\IXP000.TMP\MountainTrap.exe' 4057463426 WP9WXzHT 0X 0 5 3 loginname PhysXDevice64 teefunci cvx0630 sprite _MountainTrap.exe
- '<SYSTEM32>\at.exe' 06:12 /every:Th "<SYSTEM32>\gpresullt.exe" "<SYSTEM32>\cfgmgr322.dll"
- '<SYSTEM32>\cmd.exe' /c at 06:12 /every:Th "<SYSTEM32>\gpresullt.exe" "<SYSTEM32>\cfgmgr322.dll"
- <SYSTEM32>\c_202611.nls
- <SYSTEM32>\gpresullt.exe
- <SYSTEM32>\c_4437.nls
- <SYSTEM32>\aaaammon.dll
- <SYSTEM32>\hall.dll
- <SYSTEM32>\cfgmgr322.dll
- <SYSTEM32>\dpwwsockx.dll
- <SYSTEM32>\3045\inf3045.dat
- <SYSTEM32>\c_100010.nls
- <SYSTEM32>\c_8660.nls
- <SYSTEM32>\cc_1258.nls
- %TEMP%\IXP000.TMP\PhysXDevice64
- %TEMP%\IXP000.TMP\teefunci
- %TEMP%\IXP000.TMP\loginname
- %TEMP%\IXP000.TMP\MountainTrap.exe
- %TEMP%\IXP000.TMP\4057463426
- %TEMP%\IXP000.TMP\cvx0630
- %TEMP%\IXP000.TMP\MountainTrap.exe.dll
- %TEMP%\IXP000.TMP\MountainTrap.exe.dll.dll
- %TEMP%\IXP000.TMP\482329.dll
- %TEMP%\IXP000.TMP\sprite
- %TEMP%\IXP000.TMP\_MountainTrap.exe
- %TEMP%\IXP000.TMP\MountainTrap.exe
- %TEMP%\IXP000.TMP\4057463426
- %TEMP%\IXP000.TMP\482329.dll
- %TEMP%\IXP000.TMP\MountainTrap.exe.dll.dll
- %TEMP%\IXP000.TMP\MountainTrap.exe.dll
- %TEMP%\IXP000.TMP\cvx0630
- %TEMP%\IXP000.TMP\sprite
- %TEMP%\IXP000.TMP\teefunci
- %TEMP%\IXP000.TMP\loginname
- %TEMP%\IXP000.TMP\PhysXDevice64