Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- %WINDIR%\Tasks\At1.job
- '<SYSTEM32>\grpcconv.exe' "<SYSTEM32>\sorttblls.nls"
- '%TEMP%\IXP000.TMP\Setup1.exe' b8QRaVRf 2f 2 4 4 LocStrings HP35410 cffn183 cvx5833 cvx5749 AdsHlp cvx5617 BRX42090 pair388 Setup.exe
- '<SYSTEM32>\at.exe' 18:10 /every:M "<SYSTEM32>\grpcconv.exe"
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\liccwmi.dll"
- <SYSTEM32>\c_4437.nls
- <SYSTEM32>\grpcconv.exe
- %TEMP%\IXP000.TMP\BRX42090
- %TEMP%\IXP000.TMP\pair388
- <SYSTEM32>\liccwmi.dll
- <SYSTEM32>\2054\inf2054.dat
- <SYSTEM32>\sorttblls.nls
- <SYSTEM32>\l_inntl.nls
- %TEMP%\IXP000.TMP\HP35410
- %TEMP%\IXP000.TMP\cffn183
- %TEMP%\IXP000.TMP\Setup1.exe
- %TEMP%\IXP000.TMP\LocStrings
- %TEMP%\IXP000.TMP\AdsHlp
- %TEMP%\IXP000.TMP\cvx5617
- %TEMP%\IXP000.TMP\cvx5833
- %TEMP%\IXP000.TMP\cvx5749
- %TEMP%\IXP000.TMP\cffn183
- %TEMP%\IXP000.TMP\cvx5833
- %TEMP%\IXP000.TMP\HP35410
- %TEMP%\IXP000.TMP\Setup1.exe
- %TEMP%\IXP000.TMP\LocStrings
- %TEMP%\IXP000.TMP\BRX42090
- %TEMP%\IXP000.TMP\pair388
- %TEMP%\IXP000.TMP\cvx5617
- %TEMP%\IXP000.TMP\cvx5749
- %TEMP%\IXP000.TMP\AdsHlp
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'