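Техническая информация
Ниже перечислены следы активности образца: запись реестра в RunOnce, задание планировщика, командные строки запускаемых процессов и пути файлов. Подзаголовки разделов в этой копии страницы не сохранились, поэтому повторяющиеся пути, вероятно, относятся к разным разделам (например, создание и удаление файлов). Имена файлов в <SYSTEM32> (gpresullt.exe, hall.dll, cygwwin1.dll, aaaammon.dll, cc_1257.nls) отличаются от имён легитимных файлов (gpresult.exe, hal.dll, cygwin1.dll, aaaamon.dll, c_1257.nls) одним символом, поэтому при проверке системы сравнивайте имена посимвольно.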
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- %WINDIR%\Tasks\At1.job
- '%TEMP%\_Fat32Formatter.exe'
- '%TEMP%\IXP000.TMP\Fat32Formatter.exe' 3635519746 mRTx7AzN qL 0 5 3 cvx8943 HUT M1GOSPOR cfr68 image025 DisplayText _Fat32Formatter.exe
- '<SYSTEM32>\at.exe' 10:12 /every:W "<SYSTEM32>\gpresullt.exe"
- <SYSTEM32>\c_202611.nls
- <SYSTEM32>\gpresullt.exe
- <SYSTEM32>\c_4437.nls
- <SYSTEM32>\aaaammon.dll
- <SYSTEM32>\hall.dll
- <SYSTEM32>\cygwwin1.dll
- <SYSTEM32>\1017\inf1017.dat
- <SYSTEM32>\cc_1257.nls
- <SYSTEM32>\c_10266.nls
- <SYSTEM32>\c_8557.nls
- %TEMP%\IXP000.TMP\HUT
- %TEMP%\IXP000.TMP\M1GOSPOR
- %TEMP%\IXP000.TMP\cvx8943
- %TEMP%\IXP000.TMP\Fat32Formatter.exe
- %TEMP%\IXP000.TMP\3635519746
- %TEMP%\IXP000.TMP\_Fat32Formatter.exe
- %TEMP%\IXP000.TMP\482329.dll
- %TEMP%\IXP000.TMP\DisplayText
- %TEMP%\IXP000.TMP\cfr68
- %TEMP%\IXP000.TMP\image025
- %TEMP%\IXP000.TMP\Fat32Formatter.exe
- %TEMP%\IXP000.TMP\3635519746
- %TEMP%\IXP000.TMP\482329.dll
- %TEMP%\IXP000.TMP\Fat32Formatter.exe.dll.dll
- %TEMP%\IXP000.TMP\Fat32Formatter.exe.dll
- %TEMP%\IXP000.TMP\cvx8943
- %TEMP%\IXP000.TMP\image025
- %TEMP%\IXP000.TMP\DisplayText
- %TEMP%\IXP000.TMP\cfr68
- %TEMP%\IXP000.TMP\HUT
- %TEMP%\IXP000.TMP\M1GOSPOR
- %TEMP%\IXP000.TMP\_Fat32Formatter.exe в %TEMP%\_Fat32Formatter.exe
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'