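Техническая информация
Ниже перечислены параметры реестра, пути к файлам и процессам, сетевые адреса и классы окон; подзаголовки разделов в этом фрагменте отсутствуют.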
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'apocalyps32' = '%WINDIR%\apocalyps32.exe'
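- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UserInit' = '<SYSTEM32>\userinit.exe,%WINDIR%\apocalyps32.exe' (штатно параметр содержит только путь к userinit.exe; запись, добавленная после запятой, запускается при каждом входе пользователя в систему, поэтому при очистке значение нужно вернуть к исходному, а не удалять параметр)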
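- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SunJavaUpdateSched-' = '%PROGRAM_FILES%\Java\jre-04\bin\jusched.exe' (имя параметра отличается от штатного 'SunJavaUpdateSched' дефисом на конце; при проверке автозапуска сверяйте имя и путь целиком)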
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\Java\jre-04\bin\jusched.exe' = '%PROGRAM_FILES%\Java\jre-04\bin\jusched.exe:*:Enabled:JavaUpdate-' (запись добавляет исполняемый файл в список разрешённых приложений брандмауэра Windows для стандартного профиля)
- %WINDIR%\apocalyps32.exe
- %TEMP%\mtd.exe
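- %WINDIR%\svchost.exe (штатный svchost.exe находится в <SYSTEM32>; одноимённый файл в %WINDIR% не входит в состав системы)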
- <SYSTEM32>\notepad.exe %WINDIR%\23. Nov.XxX.Password.txt
- %WINDIR%\Explorer.EXE
- %PROGRAM_FILES%\Java\jre-04\bin\jusched.exe
- %PROGRAM_FILES%\Java\jre-04\bin\UF
- %WINDIR%\ap0calypse_88E6680F\ServerLogs\%USERNAME%\23-01-2012
- %WINDIR%\23. Nov.XxX.Password.txt
- %WINDIR%\svchost.exe
- %TEMP%\mtd.exe
- 'we####.no-ip.org':1453 (часть имени узла заменена символами #)
- DNS ASK we####.no-ip.org
- '<IP-адрес в локальной сети>':1036
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''