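Техническая информация
(Заголовки разделов исходного отчёта в этой копии утрачены. Часть путей повторяется — по-видимому, потому что один и тот же файл перечислен в нескольких разделах; по самому списку нельзя определить, какое действие (создание, запуск, удаление) относится к каждой записи. Символ «#» в адресах и именах узлов, судя по всему, — маскировка, внесённая источником, а не часть реального значения.)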
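- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
  (Запись wextract_cleanup0 создаётся самораспаковывающимся архивом IExpress (wextract), чтобы удалить временный каталог IXP000.TMP; сама по себе она не закрепляет вредоносный файл в системе и встречается у легитимных установщиков. Для автозапуска значим файл ser.exe в папке Startup, указанный ниже.)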
- %HOMEPATH%\Start Menu\Programs\Startup\ser.exe
- '%TEMP%\IXP000.TMP\Skype enGB.exe'
- '%TEMP%\Skype voucher.exe'
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\696F3DE637E6DE85B458996D49D759AD
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\7396C420A8E1BC1DA97F1AF0D10BAD21
- %TEMP%\IXP000.TMP\sqlite3.dll
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\7396C420A8E1BC1DA97F1AF0D10BAD21
- %TEMP%\IXP000.TMP\Default.dll
- %TEMP%\ser.exe
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %TEMP%\IXP000.TMP\Skype enGB.exe
- %TEMP%\Skype voucher.exe
- %TEMP%\IXP000.TMP\sqlite3.dll
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
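(Сетевые записи ниже малоспецифичны: запросы списков отзыва сертификатов (CRL) по путям /pki/crl/products/ и обращение к crl.microsoft.com — штатное поведение Windows при проверке подписи кода, а запрос wpad.dat — штатное автообнаружение прокси. Файлы в CryptnetUrlCache из списка выше — вероятно, кэш этих загрузок CRL. Использовать эти записи как индикаторы компрометации без привязки к файловым артефактам не следует.)
- '20#.#6.232.182':80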
- 'wp#d':80
- 20#.#6.232.182/pki/crl/products/MicCodSigPCA_08-31-2010.crl
- 20#.#6.232.182/pki/crl/products/microsoftrootcert.crl
- wp#d/wpad.dat
- DNS ASK crl.microsoft.com
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'