Техническая информация
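- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"' (значение wextract_cleanup0 — штатная запись самораспаковывающегося пакета IExpress для удаления временной папки после перезагрузки; само по себе оно не является надёжным признаком заражения и встречается у легитимных установщиков)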
- '%TEMP%\IXP000.TMP\CRIME2~1.EXE'
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\44104e39cbe83bdb1a4a1a316be3e4b9_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\e35cecef0bca6d8d4d4ef59577ddd015_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys\d8d581b3fd47c74b03ef9a18dddb2795_23ef5514-3059-436f-a4a7-4cefaab20eb1
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\Preferred
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\2820543b-b6d3-4829-86a9-15a1845afee0
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\119477db41877707e15b276ddc18976b_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %TEMP%\IXP000.TMP\Crime.exe
- %TEMP%\IXP000.TMP\CRIME2~1.EXE
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\721c482e-7a84-4c6f-97f0-4a820de2bae9
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys\d8d581b3fd47c74b03ef9a18dddb2795_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\119477db41877707e15b276ddc18976b_23ef5514-3059-436f-a4a7-4cefaab20eb1
- ClassName: 'Shell_TrayWnd' WindowName: '(null)' (Shell_TrayWnd — класс окна панели задач Windows)