Техническая информация
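- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
  (Примечание: запись RunOnce с именем wextract_cleanup0 обычно создаёт самораспаковывающийся пакет IExpress (wextract), чтобы удалить свой временный каталог IXP000.TMP. Она выполняется один раз и указывает на способ упаковки образца, а не на механизм постоянного автозапуска.)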
- '<LS_APPDATA>\Xenocode\Sandbox\Apache HTTP Server\2.2.14\2013.11.11T22.28\Virtual\STUBEXE\8.0.1112\@PROFILE@\Local Settings\Temp\IXP000.TMP\batman.exe'
- '%TEMP%\IXP000.TMP\BATMAN~1.EXE'
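- ClassName: 'RegmonClass' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'pediy06' WindowName: '(null)'
- ClassName: 'OLLYDBG' WindowName: '(null)'
- ClassName: 'GBDYLLO' WindowName: '(null)'
  (Примечание: заголовок этой группы в тексте не сохранился. Перечисленные имена относятся к средствам анализа: Regmon (Sysinternals) и отладчик OllyDbg; 'GBDYLLO' — это 'OLLYDBG', записанное в обратном порядке, а 'pediy06', по-видимому, имя класса окна одной из модифицированных сборок OllyDbg. Поиск таких окон обычно означает проверку на наличие среды анализа, поэтому при исследовании в песочнице поведение образца может отличаться от реального.)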
- %TEMP%\IXP000.TMP\2983~1.MP3
- %TEMP%\IXP000.TMP\BATMAN~1.EXE
- %TEMP%\IXP000.TMP\BATMAN~1.EXE
- %TEMP%\IXP000.TMP\2983~1.MP3
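- '<IP-адрес в локальной сети>':4444
  (Примечание: направление соединения — исходящее подключение или прослушивание порта — в тексте не указано. Конкретный адрес в отчёте обезличен, поэтому для обнаружения следует опираться на номер порта TCP 4444 и на процесс-источник, а не на адрес.)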
- ClassName: '18467-41' WindowName: '(null)'