Техническая информация
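- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"' (запись характерна для самораспаковывающихся архивов IExpress/wextract: при следующем срабатывании RunOnce однократно удаляется временный каталог %TEMP%\IXP000.TMP; постоянного автозапуска она сама по себе не обеспечивает)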
- %WINDIR%\Tasks\At1.job
- '%TEMP%\_Gary_Hansen.exe'
- '%TEMP%\IXP000.TMP\Gary_Hansen.exe' 6jyc2rtQ 7K 0 5 3 COMPLETEOK LMX5016014 GFCORMEI LaunchEM MaterialDecl _Gary_Hansen.exe
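- '<SYSTEM32>\at.exe' 21:22 /every:M "<SYSTEM32>\freecelll.exe" (задание планировщика: запуск <SYSTEM32>\freecelll.exe каждый понедельник в 21:22; ему, по-видимому, соответствует файл %WINDIR%\Tasks\At1.job)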
- <SYSTEM32>\c_288591.nls
- <SYSTEM32>\msllbui.dll
- <SYSTEM32>\c_9950.nls
- <SYSTEM32>\c_100006.nls
- <SYSTEM32>\c_11255.nls
- <SYSTEM32>\C_288597.NLS
- <SYSTEM32>\3090\inf3090.dat
- <SYSTEM32>\freecelll.exe (имя похоже на стандартный freecell.exe, но содержит лишнюю букву «l»)
- %TEMP%\IXP000.TMP\LMX5016014
- %TEMP%\IXP000.TMP\GFCORMEI
- %TEMP%\IXP000.TMP\Gary_Hansen.exe
- %TEMP%\IXP000.TMP\COMPLETEOK
- %TEMP%\IXP000.TMP\_Gary_Hansen.exe
- <SYSTEM32>\glu322.dll (имя похоже на стандартную библиотеку glu32.dll, но содержит лишнюю цифру «2»)
- %TEMP%\IXP000.TMP\LaunchEM
- %TEMP%\IXP000.TMP\MaterialDecl
- %TEMP%\IXP000.TMP\COMPLETEOK
- %TEMP%\IXP000.TMP\Gary_Hansen.exe
- %TEMP%\IXP000.TMP\Gary_Hansen.exe.dll
- %TEMP%\IXP000.TMP\LMX5016014
- %TEMP%\IXP000.TMP\MaterialDecl
- %TEMP%\IXP000.TMP\LaunchEM
- %TEMP%\IXP000.TMP\GFCORMEI
- из %TEMP%\IXP000.TMP\_Gary_Hansen.exe в %TEMP%\_Gary_Hansen.exe
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'