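Техническая информация
Заголовки подразделов на этой странице, по-видимому, не сохранились. Ниже по порядку перечислены: значение реестра в ключе автозапуска RunOnce, командные строки запускаемых процессов (включая задания планировщика at.exe и регистрацию DLL через regsvr32.exe) и пути к файлам. Часть путей в %TEMP%\IXP000.TMP указана дважды.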
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 ""%TEMP%\IXP000.TMP\""'
- <SYSTEM32>\lppq.exe "<SYSTEM32>\c_100079.nls"
- <SYSTEM32>\at.exe 16:10 <SYSTEM32>\cmd.exe /c del /F /Q ""%TEMP%\ remove.exe""
- <SYSTEM32>\at.exe 15:55 /every:T "<SYSTEM32>\lppq.exe"
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\saamsrv.dll"
- <SYSTEM32>\lppq.exe
- <SYSTEM32>\ctyype.nls
- %TEMP%\IXP000.TMP\onmove
- <SYSTEM32>\c_100079.nls
- <SYSTEM32>\1067\inf1067.dat
- <SYSTEM32>\saamsrv.dll
- <SYSTEM32>\c_100007.nls
- %TEMP%\IXP000.TMP\setup.exe
- %TEMP%\ remove.exe
- %TEMP%\ T2.exe
- %TEMP%\IXP000.TMP\lgdriver32
- %TEMP%\IXP000.TMP\CRASHNAVLEGEND
- %TEMP%\IXP000.TMP\wsetlocl
- %TEMP%\IXP000.TMP\handsafe
- %TEMP%\IXP000.TMP\handsafe
- %TEMP%\IXP000.TMP\lgdriver32
- %TEMP%\IXP000.TMP\setup.exe
- %TEMP%\IXP000.TMP\onmove
- %TEMP%\IXP000.TMP\CRASHNAVLEGEND
- %TEMP%\IXP000.TMP\wsetlocl