Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- [<HKLM>\SYSTEM\ControlSet001\Services\Host Generic Process] 'Start' = '00000002'
- <DRIVERS>\svchost.exe
- <LS_APPDATA>\Xenocode\Sandbox\Systeme d'exploitation Microsoft® Windows®\6.00.2900.5512\2012.09.03T21.32\Native\STUBEXE\8.0.1112\@PROFILE@\Local Settings\Temp\IXP000.TMP\build.exe
- <LS_APPDATA>\Xenocode\Sandbox\Systeme d'exploitation Microsoft® Windows®\6.00.2900.5512\2012.09.03T21.32\Virtual\STUBEXE\8.0.1112\@APPDIR@\build.exe
- <DRIVERS>\svchost.exe
- C:\Documents and Settings\LocalService\Local Settings\Application Data\sLT.exf
- %TEMP%\IXP000.TMP\build.exe
- %TEMP%\IXP000.TMP\build.exe
- 'at##i.us':80
- at##i.us/admin/
- DNS ASK at##i.us