Техническая информация
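- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"' (однократная запись RunOnce: команда удаляет временный каталог %TEMP%\IXP000.TMP; такое имя значения характерно для самораспаковывающихся пакетов IExpress/wextract)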
- [<HKLM>\SYSTEM\ControlSet001\Services\G7ZCEQFBJ] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\G7ZCEQFBJ] 'ImagePath' = '%ProgramFiles%\1K0ANI\4GI0TY6SO0M.exe -WXPL1YY4'
- [<HKLM>\SYSTEM\ControlSet001\Services\TUONDW] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\TUONDW] 'ImagePath' = '%ProgramFiles%\UHHRABAV\XQVWX.exe -LW8FT'
- %TEMP%\IXP000.TMP\1VMP~1.EXE
- %ProgramFiles%\1K0ANI\4GI0TY6SO0M.exe
- %ProgramFiles%\9R1WBMP2J.exe
- %ProgramFiles%\UHHRABAV\XQVWX.exe
- %ProgramFiles%\1K0ANI\4GI0TY6SO0M.exe
- %ProgramFiles%\UHHRABAV\XQVWX.exe
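- '58.#9.58.27':443 (часть адреса, по-видимому, скрыта в источнике символом «#», поэтому для точного сопоставления в журналах сети он неполон)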
- ClassName: 'XUBLTENH' WindowName: 'lcmegzjkjmow'
- '%TEMP%\IXP000.TMP\1VMP~1.EXE'
- '%ProgramFiles%\9R1WBMP2J.exe' A04R2XL4RLQ4