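Техническая информация
Ниже перечислены артефакты в порядке исходного отчёта: запись автозапуска в реестре, задания планировщика (At*.job), командные строки запускаемых процессов и пути к файлам. Подзаголовки разделов в этом тексте не сохранились, поэтому повторяющиеся пути, по-видимому, относятся к разным разделам (например, к созданным и затем удалённым файлам). Запись 'wextract_cleanup0' в RunOnce характерна для самораспаковывающихся пакетов IExpress и сама по себе не является признаком заражения; имена файлов в <SYSTEM32> с удвоенными буквами (caalc.exe, sorttkey.nls, diskkcopy.dll) похожи на имена штатных файлов Windows, поэтому при проверке сравнивайте имя целиком, а не по частичному совпадению.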
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- %WINDIR%\Tasks\At2.job
- %WINDIR%\Tasks\At1.job
- '%TEMP%\IXP000.TMP\setup.exe' FmfrAa6R eG 0 5 2 audiohud pair427 esconf cvx0747 image072 downloads
- '<SYSTEM32>\at.exe' 17:30 <SYSTEM32>\cmd.exe /c del /F /Q "<Полный путь к вирусу>"
- '<SYSTEM32>\at.exe' 16:01 /every:T "<SYSTEM32>\caalc.exe"
- <SYSTEM32>\c_110081.nls
- <SYSTEM32>\dpvooice.dll
- <SYSTEM32>\sorttkey.nls
- <SYSTEM32>\c__775.nls
- <SYSTEM32>\c_0337.nls
- <SYSTEM32>\sortkeey.nls
- <SYSTEM32>\2073\inf2073.dat
- <SYSTEM32>\caalc.exe
- <SYSTEM32>\diskkcopy.dll
- %TEMP%\IXP000.TMP\pair427
- %TEMP%\IXP000.TMP\esconf
- %TEMP%\IXP000.TMP\setup.exe
- %TEMP%\IXP000.TMP\audiohud
- %TEMP%\IXP000.TMP\downloads
- <SYSTEM32>\newdeev.dll
- %TEMP%\IXP000.TMP\cvx0747
- %TEMP%\IXP000.TMP\image072
- %TEMP%\IXP000.TMP\setup.exe
- %TEMP%\IXP000.TMP\audiohud
- %TEMP%\IXP000.TMP\setup.exe.dll
- %WINDIR%\Tasks\At2.job
- %TEMP%\IXP000.TMP\setup.exe.dll.dll
- %TEMP%\IXP000.TMP\image072
- %TEMP%\IXP000.TMP\downloads
- %TEMP%\IXP000.TMP\cvx0747
- %TEMP%\IXP000.TMP\pair427
- %TEMP%\IXP000.TMP\esconf