Техническая информация
Автозапуск (значение в разделе реестра Run текущего пользователя):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'JavaUpdate8' = 'C:\systeam\winthlxp68byte.cpl'
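Командные строки процессов (команда reg.exe в конце списка записывает то же значение автозапуска JavaUpdate8):
- <SYSTEM32>\taskkill.exe -f -im rundll32.exe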
- <SYSTEM32>\taskkill.exe -f -im rundll32.exe*32
- <SYSTEM32>\cmd.exe /c C:\systeam\roninnn.cmd
- <SYSTEM32>\rundll32.exe Shell32.DLL, Control_RunDLL c:\systeam\winthlxp68byte.cpl
- <SYSTEM32>\reg.exe add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v JavaUpdate8 /d "C:\systeam\winthlxp68byte.cpl" /f
Пути к файлам в каталоге C:\systeam (нестандартный каталог в корне диска C:):
- C:\systeam\idmaq
- C:\systeam\roninnn.cmd
- C:\systeam\winthlxp68byte.cpl
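Сетевая активность (HTTP, порт 80, и DNS-запросы; символы # в именах узлов, по-видимому, скрывают часть имени, поэтому для точного сопоставления эти значения не годятся):
- 'ki####1.hpg.com.br':80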
- ki####1.hpg.com.br/sysgf.html
- DNS ASK ki#####13.hpg.com.br
- DNS ASK ki#####12.hpg.com.br
- DNS ASK ki####1.hpg.com.br
Окна (имя класса и заголовок):
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''