Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- %WINDIR%\Tasks\At1.job
- '%TEMP%\_keygen.exe'
- '%TEMP%\IXP000.TMP\keygen.exe' 1072869178 RwZWsJSR Vq 0 5 3 cvx0909 PARLT HL35108 Lang040c phases dhtmled l45rside _keygen.exe
- '<SYSTEM32>\at.exe' 18:12 /every:M "<SYSTEM32>\sfcc.exe"
- <SYSTEM32>\c__850.nls
- <SYSTEM32>\c_9936.nls
- <SYSTEM32>\sorttkey.nls
- <SYSTEM32>\addptif.dll
- <SYSTEM32>\libpqq82.dll
- <SYSTEM32>\ctypee.nls
- <SYSTEM32>\c__865.nls
- <SYSTEM32>\sfcc.exe
- <SYSTEM32>\odpdx322.dll
- <SYSTEM32>\3015\inf3015.dat
- %TEMP%\IXP000.TMP\482329.dll
- %TEMP%\IXP000.TMP\PARLT
- %TEMP%\IXP000.TMP\HL35108
- %TEMP%\IXP000.TMP\cvx0909
- %TEMP%\IXP000.TMP\keygen.exe
- %TEMP%\IXP000.TMP\1072869178
- %TEMP%\IXP000.TMP\l45rside
- %TEMP%\IXP000.TMP\_keygen.exe
- %TEMP%\IXP000.TMP\dhtmled
- %TEMP%\IXP000.TMP\Lang040c
- %TEMP%\IXP000.TMP\phases
- %TEMP%\IXP000.TMP\keygen.exe
- %TEMP%\IXP000.TMP\1072869178
- %TEMP%\IXP000.TMP\cvx0909
- %TEMP%\IXP000.TMP\keygen.exe.dll.dll
- %TEMP%\IXP000.TMP\keygen.exe.dll
- %TEMP%\IXP000.TMP\482329.dll
- %TEMP%\IXP000.TMP\phases
- %TEMP%\IXP000.TMP\dhtmled
- %TEMP%\IXP000.TMP\l45rside
- %TEMP%\IXP000.TMP\PARLT
- %TEMP%\IXP000.TMP\HL35108
- %TEMP%\IXP000.TMP\Lang040c
- %TEMP%\IXP000.TMP\_keygen.exe в %TEMP%\_keygen.exe
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'