Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'JavaUpdate8' = 'C:\systeam\winthlxp68byte.cpl'
- '<SYSTEM32>\taskkill.exe' -f -im rundll32.exe*32
- '%WINDIR%\sleep.exe' (20);
- '<SYSTEM32>\rundll32.exe' shell32.dll,Control_RunDLL "C:\systeam\winthlxp68byte.cpl",
- '<SYSTEM32>\taskkill.exe' -f -im rundll32.exe
- '<SYSTEM32>\rundll32.exe' Shell32.DLL, Control_RunDLL c:\systeam\winthlxp68byte.cpl
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v JavaUpdate8 /d "C:\systeam\winthlxp68byte.cpl" /f
- '<SYSTEM32>\cmd.exe' /c C:\systeam\roninnn.cmd
- C:\systeam\idmaq
- C:\systeam\roninnn.cmd
- C:\systeam\winthlxp68byte.cpl
- 'no######3777.servehttp.com':80
- 'xc#####a3.hpg.com.br':80
- 'xc#####a2.hpg.com.br':80
- no######3777.servehttp.com/sysgf.txt
- xc#####a3.hpg.com.br/sysgf.html
- xc#####a2.hpg.com.br/sysgf.html
- DNS ASK no######3777.servehttp.com
- DNS ASK xc#####a3.hpg.com.br
- DNS ASK xc#####a2.hpg.com.br
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'