Техническая информация
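- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"' (такую запись создаёт распаковщик самораспаковывающихся архивов IExpress/wextract для очистки временного каталога после перезагрузки; сама по себе она не является надёжным индикатором заражения)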
- %WINDIR%\Tasks\At1.job
- '%TEMP%\_LicenseCrawler.exe'
- '%TEMP%\IXP000.TMP\LicenseCrawler.exe' 3991316852 mRTx7AzN qL 0 5 3 vcvarsall xmllint BroadcasterMX BRX21160 sock2 cvx2712 _LicenseCrawler.exe
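- '<SYSTEM32>\at.exe' 10:12 /every:Th "<SYSTEM32>\gpresullt.exe" (планировщик at.exe: еженедельный запуск <SYSTEM32>\gpresullt.exe по четвергам в 10:12; файл задания, по-видимому, — %WINDIR%\Tasks\At1.job из списка выше)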
- <SYSTEM32>\c_202611.nls
- <SYSTEM32>\gpresullt.exe
- <SYSTEM32>\c_4437.nls
- <SYSTEM32>\aaaammon.dll
- <SYSTEM32>\hall.dll
- <SYSTEM32>\cygwwin1.dll
- <SYSTEM32>\1017\inf1017.dat
- <SYSTEM32>\cc_1257.nls
- <SYSTEM32>\c_10266.nls
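- <SYSTEM32>\c_8557.nls
  Примечание: имена ряда файлов в этом списке (gpresullt.exe, aaaammon.dll, hall.dll, cygwwin1.dll, cc_1257.nls) отличаются от имён известных легитимных файлов (gpresult.exe, aaaamon.dll, hal.dll, cygwin1.dll, c_1257.nls) одной удвоенной буквой, поэтому при проверке системы имя следует сравнивать точно, а не по сходству.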
- %TEMP%\IXP000.TMP\xmllint
- %TEMP%\IXP000.TMP\BroadcasterMX
- %TEMP%\IXP000.TMP\vcvarsall
- %TEMP%\IXP000.TMP\LicenseCrawler.exe
- %TEMP%\IXP000.TMP\3991316852
- %TEMP%\IXP000.TMP\_LicenseCrawler.exe
- %TEMP%\IXP000.TMP\482329.dll
- %TEMP%\IXP000.TMP\cvx2712
- %TEMP%\IXP000.TMP\BRX21160
- %TEMP%\IXP000.TMP\sock2
- %TEMP%\IXP000.TMP\LicenseCrawler.exe
- %TEMP%\IXP000.TMP\3991316852
- %TEMP%\IXP000.TMP\482329.dll
- %TEMP%\IXP000.TMP\LicenseCrawler.exe.dll.dll
- %TEMP%\IXP000.TMP\LicenseCrawler.exe.dll
- %TEMP%\IXP000.TMP\vcvarsall
- %TEMP%\IXP000.TMP\sock2
- %TEMP%\IXP000.TMP\cvx2712
- %TEMP%\IXP000.TMP\BRX21160
- %TEMP%\IXP000.TMP\xmllint
- %TEMP%\IXP000.TMP\BroadcasterMX
- из %TEMP%\IXP000.TMP\_LicenseCrawler.exe в %TEMP%\_LicenseCrawler.exe
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'