Техническая информация
Для обеспечения автозапуска и распространения
Создает или изменяет следующие файлы
- <SYSTEM32>\tasks\rdreminder
- %WINDIR%\tasks\dll-files.com fixer_monthly.job
- <SYSTEM32>\tasks\dll-files.com fixer_monthly
- %WINDIR%\tasks\dll-files.com fixer_updates.job
- <SYSTEM32>\tasks\dll-files.com fixer_updates
Изменения в файловой системе
Создает следующие файлы
- %WINDIR%\temp\ckhmllvbds\chinese_rcp.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\left_nonaction_n[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\btn_bg[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\middle_nonaction_d[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\middle_nonaction_h[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\middle_nonaction_n[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\scanprog5[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\scanprog4[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\scanprog3[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\scanprog2[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\scanprog1[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\rcp[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\btn_blue_right_n[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\btn_blue_left_n[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\btn_blue_right_n[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\btn_blue_left_n[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\info_bg_right[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\info[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\info_bg_middle[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\info_bg_left[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\big_level_1[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\last_scan_icon[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\btn_blue_middle_d[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\btn_blue_middle_h[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\btn_blue_middle_n[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\btn_upgrade_full_version_down[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\btn_upgrade_full_version_hover[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\btn_upgrade_full_version_normal[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\right_nonaction_n[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\heading-bg[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\small_fixerror_d_middle[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\info[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\small_fixerror_h_middle[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\small_fixerror_n_middle[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\fix_errors_d_middle[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\fix_errors_h_middle[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\fix_errors_n_middle[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\gradiant_box[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\alttxt[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\animatedcollapse[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\thank_award[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\tick_gray[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\arrow[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\award[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\tick_green[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\small_level_6[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\home_alert[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\info_box_red[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\footer_award[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\button_black_bg[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\money_back[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\small_level_6[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\alert_square[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\startup_small_dis[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\current_user_small_dis[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\com_active_small_dis[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\partition_light_line[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\blank[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\all_user_small_dis[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\btn_registryscan_down[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\select_catag_icon[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\btn_registryscan_hover[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\426[1]
- %WINDIR%\temp\ckhmllvbds\xmllite.dll
- %WINDIR%\temp\ckhmllvbds\unins000.exe
- %WINDIR%\temp\ckhmllvbds\unins000.dat
- %WINDIR%\temp\ckhmllvbds\turkish_rcp_tr.ini
- %WINDIR%\temp\ckhmllvbds\traditionalcn_rcp_zh-tw.ini
- %WINDIR%\temp\ckhmllvbds\swedish_rcp.ini
- %WINDIR%\temp\ckhmllvbds\spanish_rcp.ini
- %WINDIR%\temp\ckhmllvbds\russian_rcp_ru.ini
- %WINDIR%\temp\ckhmllvbds\regcleanpro.dll
- %WINDIR%\temp\ckhmllvbds\portuguese_rcp.ini
- %WINDIR%\temp\ckhmllvbds\portugese_rcp_pt.ini
- %WINDIR%\temp\ckhmllvbds\polish_rcp_pl.ini
- %WINDIR%\temp\ckhmllvbds\norwegian_rcp.ini
- %WINDIR%\temp\ckhmllvbds\korean_rcp_ko.ini
- %WINDIR%\temp\ckhmllvbds\japanese_rcp.ini
- %WINDIR%\temp\ckhmllvbds\italian_rcp.ini
- %WINDIR%\temp\ckhmllvbds\isxdl.dll
- %WINDIR%\temp\ckhmllvbds\install_left_image.bmp
- %WINDIR%\temp\ckhmllvbds\greek_rcp_el.ini
- %WINDIR%\temp\ckhmllvbds\german_rcp.ini
- %WINDIR%\temp\ckhmllvbds\french_rcp.ini
- %WINDIR%\temp\ckhmllvbds\finnish_rcp_fi.ini
- %WINDIR%\temp\ckhmllvbds\eng_rcp.ini
- %WINDIR%\temp\ckhmllvbds\dutch_rcp.ini
- %WINDIR%\temp\ckhmllvbds\dllfixer.exe
- %WINDIR%\temp\ckhmllvbds\danish_rcp.ini
- %WINDIR%\temp\ckhmllvbds\cleanschedule.exe
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\424[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\445[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\ss_driverupdater[1]
- %APPDATA%\dll-files.com\fixer\version 1.0\log_01-31-2025.log
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\btn_downloadnow[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\tick_list[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\arrow_icon[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\tick_icon[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\texts[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\purchase_now_down[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\purchase_now_hover[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\purchase_now_normal[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\gray_down[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\gray_hover[1]
- %LOCALAPPDATA%\microsoft\internet explorer\msimgsiz.dat
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\gray_normal[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\rcp[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\jquery[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\rcp[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\alttxt[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\btn_blue_middle_d[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\btn_blue_middle_h[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\btn_blue_middle_n[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\rcp[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\alttxt[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\rcp[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\alttxt[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\420[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\421[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\428[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\427[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\btn_registryscan_normal[1]
- %ALLUSERSPROFILE%\microsoft\crypto\rsa\s-1-5-18\d42cc0c3858a58db2db37658219e6400_0cb67e2f-dc95-45ca-8fb8-69bde8e3f814
Удаляет следующие файлы
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\alttxt[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\rcp[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\alttxt[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\rcp[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\rcp[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\rcp[2]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\btn_blue_middle_n[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\btn_blue_middle_h[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\btn_blue_middle_d[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\btn_blue_left_n[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\btn_blue_right_n[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\small_level_6[1]
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\alttxt[1]
Подменяет следующие файлы
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\rcp[1]
Сетевая активность
Подключается к
- 'up######rvice1.systweak.com':80
TCP
Запросы HTTP POST
- http://up######rvice1.systweak.com/STGenuineValidator/STGenuineValidationService.asmx
UDP
- DNS ASK up######rvice1.systweak.com
Другое
Ищет следующие окна
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
Создает и запускает на исполнение
- '%WINDIR%\temp\ckhmllvbds\dllfixer.exe'
