Техническая информация
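- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
  (Примечание: запись wextract_cleanup0 в RunOnce создаёт сам самораспаковывающийся пакет IExpress (wextract), чтобы после перезагрузки удалить временную папку IXP000.TMP. Такая запись встречается и у легитимных установщиков, поэтому как индикатор её стоит рассматривать только вместе с остальными артефактами из этого списка.)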
- %TEMP%\IXP000.TMP\teste.exe
- %TEMP%\IXP000.TMP\01DEIX~1.EXE
- %WINDIR%\regedit.exe -s ".\Parche.reg"
- <SYSTEM32>\regsvr32.exe /S "<SYSTEM32>\LegitCheckControl.dll"
- <SYSTEM32>\regsvr32.exe /S "<SYSTEM32>\WgaLogon.dll"
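- <SYSTEM32>\attrib.exe -s -h -r "<DRIVERS>\etc\hosts"
  (Примечание: команда снимает с файла hosts атрибуты «системный», «скрытый» и «только чтение», после чего файл можно перезаписать. В списке ниже есть %WINDIR%\Temp\Legalizar\hosts, содержимое которого на странице не приведено, поэтому при разборе инцидента стоит сверить <DRIVERS>\etc\hosts с эталонным.)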
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\Temp\Legalizar\Instalar.cmd" "
- <SYSTEM32>\taskkill.exe /F /T /IM wgatray.exe
- <SYSTEM32>\wscript.exe "%WINDIR%\Temp\Legalizar\CambioClave.vbs"
- <SYSTEM32>\WgaLogon.dll
- <SYSTEM32>\WgaTray.exe
- %WINDIR%\Temp\Legalizar\WgaTray.exe
- <SYSTEM32>\LegitCheckControl.dll
- %WINDIR%\LegitCheckControl.New
- %WINDIR%\MGADiag.exe
- %ALLUSERSPROFILE%\Escritorio
- %WINDIR%\WgaLogon.New
- %WINDIR%\WgaTray.New
- %WINDIR%\Temp\Legalizar\WgaLogon.dll
- %WINDIR%\Temp\Legalizar\CambioClave.vbs
- %WINDIR%\Temp\Legalizar\hosts
- %TEMP%\IXP000.TMP\01DEIX~1.EXE
- %TEMP%\IXP000.TMP\teste.exe
- %WINDIR%\Temp\Legalizar\Instalar.cmd
- %WINDIR%\Temp\Legalizar\MGADiag.lnk
- %WINDIR%\Temp\Legalizar\Parche.reg
- %WINDIR%\Temp\Legalizar\LegitCheckControl.dll
- %WINDIR%\Temp\Legalizar\MGADiag.exe
- ClassName: '' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''