Техническая информация
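- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
  (Примечание: такая запись RunOnce характерна для самораспаковывающихся пакетов IExpress (wextract) и служит для удаления временного каталога распаковки %TEMP%\IXP000.TMP\. Она встречается и у легитимных установщиков, поэтому сама по себе как индикатор ненадёжна.)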
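Командные строки запускаемых процессов:
- %TEMP%\IXP000.TMP\pass.exe --save C:\%USERNAME%_result.htm
- <Текущая директория>\sxe1.tmp
- <SYSTEM32>\ftp.exe -s:<SYSTEM32>\info.dll -v -n
- <SYSTEM32>\ping.exe 127.0.0.1 -n 3
- <SYSTEM32>\ntvdm.exe -f -i1
  (Примечание: ключ -s: у ftp.exe задаёт текстовый файл с FTP-командами, -n отключает автоматический вход, -v скрывает ответы сервера. То есть <SYSTEM32>\info.dll здесь используется не как библиотека, а как сценарий для ftp.exe. Для обнаружения полезно отслеживать запуск ftp.exe с ключом -s:, указывающим на файл в системном каталоге.)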
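Ключи реестра клиентов обмена сообщениями (ICQ, Yahoo Pager, Google Talk, Miranda, Trillian, службы Microsoft/MSN Messenger). Заголовок раздела в исходнике отсутствует; судя по запуску pass.exe с ключом --save, обращение к этим ключам, вероятно, связано со сбором сохранённых учётных данных:
- [<HKLM>\Software\Mirabilis\ICQ\NewOwners]
- [<HKCU>\Software\Yahoo\Pager]
- [<HKCU>\Software\Google\Google Talk\Accounts]
- [<HKCU>\Software\Mirabilis\ICQ\NewOwners]
- [<HKCU>\Software\Microsoft\IdentityCRL]
- [<HKLM>\Software\Miranda]
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian]
- [<HKCU>\Software\Microsoft\MessengerService]
- [<HKCU>\Software\Microsoft\MSNMessenger]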
Файловая активность, первый список (заголовок раздела в исходнике отсутствует):
- %WINDIR%\Temp\scs4.tmp
- %WINDIR%\Temp\scs3.tmp
- <SYSTEM32>\INFO.DLL
- C:\%USERNAME%_result.htm
- <Текущая директория>\sxe1.tmp
- <Текущая директория>\sxe2.tmp
- %TEMP%\IXP000.TMP\pass.bat
- %TEMP%\IXP000.TMP\pass.exe
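Файловая активность, второй список (заголовок в исходнике отсутствует; повторяет первый список без C:\%USERNAME%_result.htm — вероятно, это удаляемые файлы, уточнить по оригинальному отчёту):
- %TEMP%\IXP000.TMP\pass.bat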
- %TEMP%\IXP000.TMP\pass.exe
- <Текущая директория>\sxe1.tmp
- <SYSTEM32>\INFO.DLL
- <Текущая директория>\sxe2.tmp
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scs4.tmp
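Сетевая активность:
- 'ft#.##publika.pl':21
- 'localhost':1035
- DNS ASK ft#.##publika.pl
  (Примечание: символы «#» в имени узла — по-видимому, маскировка, применённая в источнике; точное имя по этой странице не восстанавливается, и использовать строку как точный индикатор нельзя. Порт 21 — FTP, что согласуется с запуском ftp.exe со сценарием команд.)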
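Окна (заголовок раздела в исходнике отсутствует; имя окна соответствует процессу ntvdm.exe из списка запускаемых команд):
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b38.b3c.380001'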