Техническая информация
Записи реестра (ключи автозапуска Run и RunOnce):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft WinUpdate' = '<SYSTEM32>\msupdte.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
Командные строки запуска:
- '%TEMP%\SallysSpaSetup21427.exe' ""
- '%TEMP%\is-48GKG.tmp\SallysSpaSetup21427.tmp' /SL5="$60092,28998941,53248,%TEMP%\SallysSpaSetup21427.exe" ""
- '%TEMP%\IXP000.TMP\file.exe'
- '%TEMP%\IXP000.TMP\SALLYS~1.EXE'
Пути к файлам:
- %TEMP%\is-48GKG.tmp\SallysSpaSetup21427.tmp
- %TEMP%\is-7TPTH.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-7TPTH.tmp\_isetup\_shfoldr.dll
- %TEMP%\SallysSpaSetup21427.exe
- %TEMP%\IXP000.TMP\file.exe
- <SYSTEM32>\msupdte.exe
- %PROGRAM_FILES%\ReflexiveArcade\Channels\23939\Channel.dat
Сетевая активность (часть имени домена скрыта символами #):
- 'www.ho####kfiles.com':80
- www.ho####kfiles.com/files/1829415_rzbq8/Updater4.exe
- DNS ASK www.ho####kfiles.com
Окна (класс и заголовок):
- ClassName: 'Shell_TrayWnd' WindowName: ''