Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Protector' = '"%ProgramFiles(x86)%\WindowsPro\chrome.exe" -a /a'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Windows Protector' = '"%ProgramFiles(x86)%\WindowsPro\chrome.exe" -a /a'
- svhost.exe
- %TEMP%\file.jar
- %TEMP%\svhost.exe
- %TEMP%\svhost.exe в %ProgramFiles(x86)%\windowspro\chrome.exe
- '12#.#14.131.236':1337
- '%TEMP%\svhost.exe'
- '%ProgramFiles%\java\jre1.8.0_45\bin\javaw.exe' -jar "%TEMP%\File.jar"