Техническая информация: записи реестра, командные строки процессов, пути к файлам и класс окна
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcApnNH] 'DllName' = 'ddcApnNH.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcApnNH] 'Logon' = 'o'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{487C9905-26A8-42C8-8033-C58AD3D2AEC3}' = ''
- '%TEMP%\IXP000.TMP\ACT20.EXE'
- '%TEMP%\IXP000.TMP\is155246.exe'
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\msiexec.exe' -Embedding 24B2E1A32200A5516676A638C063B642 C
- '<SYSTEM32>\cmd.exe' /c %TEMP%\removalfile.bat "%TEMP%\IXP000.TMP\is155246.exe"
- '<SYSTEM32>\msiexec.exe' /i "%TEMP%\_is2\Application Compatibility Toolkit.msi"
- <SYSTEM32>\winlogon.exe
- %TEMP%\_is2\_ISMSIDEL.INI
- %TEMP%\_is2\Setup.INI
- %TEMP%\_is2\Application Compatibility Toolkit.msi
- %TEMP%\MSI3.tmp
- %TEMP%\29754.msi
- %TEMP%\IXP000.TMP\is155246.exe
- %TEMP%\IXP000.TMP\ACT20.EXE
- <SYSTEM32>\ddcApnNH.dll
- %TEMP%\~1.tmp
- %TEMP%\removalfile.bat
- %TEMP%\~1.tmp
- %TEMP%\MSI3.tmp
- <SYSTEM32>\PerfStringBackup.TMP
- %TEMP%\IXP000.TMP\is155246.exe
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'