Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
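- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] 'debugger' = 'IFEOFILE'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe] 'debugger' = 'IFEOFILE'
  (Параметр 'debugger' в разделе Image File Execution Options перенаправляет запуск: вместо avp.exe и guard.exe Windows запускает программу, указанную в этом параметре. Пока такие записи существуют, перечисленные процессы штатно не стартуют, поэтому их наличие стоит проверять при разборе инцидента.)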
- %WINDIR%\G_Server2.03.exe
- C:\Temp\213123213.exe
- <SYSTEM32>\ping.exe 127.0.0.1
- <SYSTEM32>\reg.exe Delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /F
- %TEMP%\IXP000.TMP\2.txt
- C:\kill.bat
- %WINDIR%\G_Server2.03.exe
- C:\Temp\213123213.exe
- %TEMP%\IXP000.TMP\1.exe
- %TEMP%\IXP000.TMP\2.fy
- %WINDIR%\G_Server2.03.exe
- %TEMP%\IXP000.TMP\1.exe
- %TEMP%\IXP000.TMP\2.txt
- C:\Temp\213123213.exe
- %TEMP%\IXP000.TMP\2.fy
- '17#.#69.144.22':8000
- ClassName: 'Shell_TrayWnd' WindowName: ''