Техническая информация
Автозапуск — значение в ключе Run текущего пользователя (срабатывает при входе в систему):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'JokerLoader' = '%HOMEPATH%\Joker\JokerLoader.js'
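Запускаемые процессы (командные строки). attrib.exe выставляет каталогу атрибуты «системный», «скрытый» и «архивный»; reg.exe записывает значение JokerLoader в ключ Run текущего пользователя:
- <SYSTEM32>\attrib.exe +S +H +A "%HOMEPATH%\Joker"
- <SYSTEM32>\wscript.exe "%HOMEPATH%\Joker\JokerLoader.js"
- <SYSTEM32>\cmd.exe /c ""%HOMEPATH%\Joker\Joker.bat" -autorun"
- <SYSTEM32>\wscript.exe "%HOMEPATH%\Joker\JokerLoader.js" -autorun
- <SYSTEM32>\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v JokerLoader /t REG_SZ /d "%HOMEPATH%\Joker\JokerLoader.js" /f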
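Файлы в профиле пользователя, фигурирующие в отчёте (операция — создание или изменение — в тексте не указана). Судя по именам, ncftpput.exe, ncftpget.exe и arj.exe — сторонние утилиты (FTP-клиент NcFTP и архиватор ARJ); это предположение, и проверять его следует по содержимому файлов, а не по именам. Путь firewall.txt отличается от остальных: файл лежит в каталоге ncftp, а не Joker:
- %HOMEPATH%\Joker\digit.dat
- %HOMEPATH%\Joker\sleep.bat
- %HOMEPATH%\Joker\pic.ico
- %HOMEPATH%\ncftp\firewall.txt
- %HOMEPATH%\Joker\botname.dat
- %HOMEPATH%\Joker\taskdone.dat
- %HOMEPATH%\Joker\ncftpput.exe
- %HOMEPATH%\Joker\cap.exe
- %HOMEPATH%\Joker\arj.exe
- %HOMEPATH%\Joker\tree2.js
- %HOMEPATH%\Joker\ncftpget.exe
- %HOMEPATH%\Joker\JokerLoader.js
- %HOMEPATH%\Joker\Joker.bat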
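Сетевая активность (узел:порт и DNS-запрос). Символ «#» в имени узла, по-видимому, заменяет символ, скрытый при публикации, поэтому как точный индикатор эта строка непригодна:
- 'ol#.myip.dk':80
- 'localhost':1036
- DNS ASK ol#.myip.dk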
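Окна (класс и заголовок), фигурирующие в отчёте; вероятно, образец ищет эти окна, но само действие в тексте не указано:
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''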