Техническая информация
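- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"' (запись 'wextract_cleanup0' — штатная очистка самораспаковывающегося пакета IExpress (wextract): при следующей обработке ключа RunOnce она удаляет каталог распаковки IXP000.TMP. Сама по себе она указывает лишь на запуск такого пакета, поэтому как индикатор её стоит использовать только вместе с остальными артефактами из списка.)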
- %TEMP%\IXP000.TMP\Steam.exe
- %TEMP%\IXP000.TMP\stean.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- %TEMP%\%USERNAME%7
- %TEMP%\%USERNAME%8
- %APPDATA%\%USERNAME%log.dat
- %TEMP%\IXP000.TMP\stean.exe
- %TEMP%\IXP000.TMP\Steam.exe
- %TEMP%\%USERNAME%2.txt
- %APPDATA%\%USERNAME%log.dat
- %TEMP%\%USERNAME%8
- %TEMP%\%USERNAME%2.txt
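- (символы «#» в IP-адресах и доменных именах ниже — маскировка, выполненная источником; полные значения на странице не приведены, поэтому для блок-листов и поиска по журналам эти записи пригодны только как частичные шаблоны)
- '69.##.153.82':27038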
- '72.##5.61.190':27030
- '69.##.151.178':27038
- '68.##2.72.250':27038
- '72.##5.61.189':27030
- '87.##8.196.194':27038
- DNS ASK gd##.##eampowered.com
- DNS ASK ba####23.no-ip.biz
- ClassName: 'Shell_TrayWnd' WindowName: ''