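Техническая информация
Примечание: имена файлов вида 'Ф°·Ѕіч№сЧўІб»ъ.exe' приведены в том виде, в каком они даны в отчёте. Судя по набору символов, это двухбайтовые (предположительно GBK) имена, отображённые в кодировке Windows-1251. На системах с другой локалью те же файлы могут выглядеть иначе, поэтому при сопоставлении не стоит полагаться на точное посимвольное совпадение этих имён.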
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- '%TEMP%\IXP000.TMP\Ф°·Ѕіч№сЧўІб»ъ.exe'
- '<SYSTEM32>\Application Layer Gateway Service.exe'
- '%TEMP%\IXP000.TMP\Ф°·Ѕіч№сЧўІб.exe'
- 'C:\main.exe'
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 3
- '<SYSTEM32>\cmd.exe' /c c:\dezvsc.bat
- <SYSTEM32>\krnln.fnr
- <SYSTEM32>\Exmlrpc.fne
- %WINDIR%\Fonts\4daca751fcea4878661463a07e6f89f5.dat
- <SYSTEM32>\Application Layer Gateway Service.dll
- %TEMP%\_eviip.tmp
- <SYSTEM32>\krnln.fne
- <SYSTEM32>\dp1.fne
- C:\dezvsc.bat
- <SYSTEM32>\Application Layer Gateway Service.exe
- C:\main.exe
- C:\main.dll
- %TEMP%\IXP000.TMP\Ф°·Ѕіч№сЧўІб.exe
- %TEMP%\IXP000.TMP\Ф°·Ѕіч№сЧўІб»ъ.exe
- C:\dp1.fne
- %TEMP%\nsg2.tmp\System.dll
- C:\krnln.fnr
- C:\exmlrpc.fne
- <SYSTEM32>\Exmlrpc.fne
- <SYSTEM32>\dp1.fne
- <SYSTEM32>\Application Layer Gateway Service.exe
- <SYSTEM32>\krnln.fnr
- C:\dp1.fne
- C:\main.dll
- C:\main.exe
- C:\exmlrpc.fne
- %TEMP%\nsg2.tmp\System.dll
- %TEMP%\IXP000.TMP\Ф°·Ѕіч№сЧўІб.exe
- C:\krnln.fnr
- '12#.0.0.2':19820
- 'ar####.gnway.net':19820
- DNS ASK ar####.gnway.net
- ClassName: '' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'