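Техническая информация
Записи ниже приведены без подзаголовков; по содержанию это, по порядку: значение автозапуска в ключе реестра Run, командные строки процессов, пути к файлам в каталоге C:\systeam, сетевые адреса (порт 80), URL-адреса и DNS-запросы, а также имена классов и заголовки окон. Символы «#» в именах хостов, по-видимому, маскируют часть имени, поэтому такие записи подходят только для сопоставления по шаблону, но не как точные индикаторы для блокировки.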
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'JavaUpdate12' = 'C:\systeam\winthlxpd12byte.cpl'
- '<SYSTEM32>\taskkill.exe' -f -im rundll32.exe*32
- '%WINDIR%\sleep.exe' (20);
- '<SYSTEM32>\rundll32.exe' shell32.dll,Control_RunDLL "C:\systeam\winthlxpd12byte.cpl",
- '<SYSTEM32>\taskkill.exe' -f -im rundll32.exe
- '<SYSTEM32>\rundll32.exe' Shell32.DLL, Control_RunDLL C:\systeam\winthlxpd12byte.cpl
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v JavaUpdate12 /d "C:\systeam\winthlxpd12byte.cpl" /f
- '<SYSTEM32>\cmd.exe' /c C:\systeam\roninnn.cmd
- C:\systeam\winthlressyne1.cpl
- C:\systeam\idmaq
- C:\systeam\roninnn.cmd
- C:\systeam\winthlxpd12byte.cpl
- C:\systeam\prachotsys.cpl
- C:\systeam\prachotsys2.cpl
- 'pa#######237.thaieasydns.com':80
- 'pa######t237.servehttp.com':80
- 'fe##sul.com':80
- pa#######237.thaieasydns.com/sysgf.html
- pa######t237.servehttp.com/sysgf.html
- fe##sul.com/sysgf.html
- DNS ASK pa#######237.thaieasydns.com
- DNS ASK pa######t237.servehttp.com
- DNS ASK fe##sul.com
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'syscodex'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'