Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Systemctrl' = 'Systemctrl.exe'
- <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %WINDIR%\Muschi.jpg
- %WINDIR%\systemctrl.txt
- %HOMEPATH%\Recent\Muschi.lnk
- %HOMEPATH%\Recent\WINDOWS.lnk
- %WINDIR%\systemctrl.ini
- %WINDIR%\Muschi.jpg
- C:\ip.txt
- 'any':25
- 'tl#####.tl.funpic.de':80
- 'localhost':23
- tl#####.tl.funpic.de/serverinfo/ip.txt
- DNS ASK tl#####.tl.funpic.de
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''