Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '"%TEMP%\javawapl.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '"%TEMP%\javawapl.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\java update.exe
- <SYSTEM32>\tasks\server
- %TEMP%\ixp000.tmp\launch~2.exe
- %TEMP%\ixp000.tmp\newlau~1.exe
- %TEMP%\javawapl.exe
- %TEMP%\server.exe
- %TEMP%\javawapl.exe
- %TEMP%\ixp000.tmp\launch~2.exe
- 'wo####me.ddns.net':7777
- DNS ASK wo####me.ddns.net
- '%TEMP%\ixp000.tmp\newlau~1.exe'
- '%TEMP%\ixp000.tmp\launch~2.exe'
- '%TEMP%\javawapl.exe'
- '%TEMP%\ixp000.tmp\newlau~1.exe' (со скрытым окном)
- '%TEMP%\ixp000.tmp\launch~2.exe' (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn Server /tr %LOCALAPPDATA%\Temp/Server.exe (со скрытым окном)
- '%ProgramFiles%\java\jre1.8.0_45\bin\javaw.exe' -Dfile.encoding=UTF-8 -classpath "%TEMP%\IXP000.TMP\NEWLAU~1.EXE" org.develnext.jphp.ext.javafx.FXLauncher
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn Server /tr %LOCALAPPDATA%\Temp/Server.exe