Техническая информация
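- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"' (стандартная запись самораспаковывающихся пакетов IExpress (wextract) для отложенного удаления временного каталога; сама по себе она не является надёжным признаком заражения)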
- %WINDIR%\Tasks\At2.job
- %WINDIR%\Tasks\At1.job
- '%TEMP%\IXP000.TMP\setup.exe' OnLIOXAl Is 0 5 2 BRX48180 OBX81150 image1 cvx7220 warn4 canopy cvx3455 Vehicle startover APX81290
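- '<SYSTEM32>\at.exe' 19:43 <SYSTEM32>\cmd.exe /c del /F /Q "<Полный путь к вирусу>" (однократное задание планировщика: удаление исходного файла)
- '<SYSTEM32>\at.exe' 18:01 /every:Th "<SYSTEM32>\calcc.exe" (еженедельное задание по четвергам; заданиям at.exe, по-видимому, соответствуют файлы At1.job и At2.job в %WINDIR%\Tasks)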
- <SYSTEM32>\c_12555.nls
- <SYSTEM32>\c__10010.nls
- <SYSTEM32>\c_12533.nls
- <SYSTEM32>\dxxmasf.dll
- <SYSTEM32>\trafffic.dll
- <SYSTEM32>\unicodde.nls
- <SYSTEM32>\c_285988.nls
- <SYSTEM32>\calcc.exe
- <SYSTEM32>\MSCTFF.dll
- <SYSTEM32>\1067\inf1067.dat
- %TEMP%\IXP000.TMP\APX81290
- %TEMP%\IXP000.TMP\image1
- %TEMP%\IXP000.TMP\cvx7220
- %TEMP%\IXP000.TMP\OBX81150
- %TEMP%\IXP000.TMP\setup.exe
- %TEMP%\IXP000.TMP\BRX48180
- %TEMP%\IXP000.TMP\Vehicle
- %TEMP%\IXP000.TMP\startover
- %TEMP%\IXP000.TMP\cvx3455
- %TEMP%\IXP000.TMP\warn4
- %TEMP%\IXP000.TMP\canopy
- %TEMP%\IXP000.TMP\BRX48180
- %TEMP%\IXP000.TMP\OBX81150
- %TEMP%\IXP000.TMP\image1
- %TEMP%\IXP000.TMP\setup.exe
- %WINDIR%\Tasks\At2.job
- %TEMP%\IXP000.TMP\setup.exe.dll.dll
- %TEMP%\IXP000.TMP\setup.exe.dll
- %TEMP%\IXP000.TMP\Vehicle
- %TEMP%\IXP000.TMP\startover
- %TEMP%\IXP000.TMP\APX81290
- %TEMP%\IXP000.TMP\cvx3455
- %TEMP%\IXP000.TMP\cvx7220
- %TEMP%\IXP000.TMP\warn4
- %TEMP%\IXP000.TMP\canopy