Техническая информация (запись реестра, пути к файлам и командные строки)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- %WINDIR%\Tasks\At1.job
- '<SYSTEM32>\at.exe' 04:12 /every:Th "<SYSTEM32>\scardsvrr.exe"
- <SYSTEM32>\c__1026.nls
- <SYSTEM32>\c__1250.nls
- <SYSTEM32>\c_228598.nls
- <SYSTEM32>\coomrepl.dll
- <SYSTEM32>\mprddmm.dll
- <SYSTEM32>\C_228594.NLS
- <SYSTEM32>\c_7377.nls
- <SYSTEM32>\scardsvrr.exe
- <SYSTEM32>\brrowser.dll
- <SYSTEM32>\1002\inf1002.dat
- %TEMP%\IXP000.TMP\isoshl64
- %TEMP%\IXP000.TMP\ObjIdl
- %TEMP%\IXP000.TMP\LCX4716E
- %TEMP%\IXP000.TMP\setup.exe
- %TEMP%\IXP000.TMP\913167853
- %TEMP%\IXP000.TMP\setup.exe.dll
- %TEMP%\IXP000.TMP\setup.exe.dll.dll
- %TEMP%\IXP000.TMP\482329.dll
- %TEMP%\IXP000.TMP\mf
- %TEMP%\IXP000.TMP\Mask83
- '%TEMP%\IXP000.TMP\setup.exe' 913167853 GFihAE3i ed 0 5 1 LCX4716E isoshl64 ObjIdl mf Mask83
- '<SYSTEM32>\cmd.exe' /c at 04:12 /every:Th "<SYSTEM32>\scardsvrr.exe"