Техническая информация
Закрепление в системе — автозапуск через ключ Run и задания планировщика:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'jdbtray' = '%WINDIR%\jdbcconf.exe'
- %WINDIR%\Tasks\jdbtray_task.job
- %WINDIR%\Tasks\At1.job
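Запускаемые процессы и командные строки (среди них — создание задания jdbtray_task с запуском каждые 34 минуты от имени System и запись параметра jdbtray в ключ Run):
- '%WINDIR%\jdbcconf.exe' RASENGAN_SHURIKEN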
- '%WINDIR%\jdbcconf.exe'
- '<SYSTEM32>\schtasks.exe' /Delete /TN jdbtray_task /F
- '<SYSTEM32>\schtasks.exe' /Create /SC MINUTE /MO 34 /TN jdbtray_task /TR "%WINDIR%\jdbcconf.exe" /ru System
- '<SYSTEM32>\at.exe' 20:18 /INTERACTIVE "%WINDIR%\jdbcconf.exe"
- '<SYSTEM32>\reg.exe' ADD hklm\Software\Microsoft\Windows\CurrentVersion\Run /v jdbtray /d "%WINDIR%\jdbcconf.exe" /f
- '<SYSTEM32>\at.exe' /delete /yes
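Изменения в файловой системе (подзаголовки в выдержке не сохранились; повтор sortie.txt, вероятно, относится к разным операциям с этим файлом):
- %WINDIR%\sortie.txt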
- %WINDIR%\jdbcconf.exe
- %WINDIR%\sortie.txt
Сетевая активность (в источнике часть имени узла и параметров запроса заменена символами #):
- 'ka###.woonix.com':80
- ka###.woonix.com/server/?ve############################################################################################################################################
- DNS ASK ka###.woonix.com
Окна, указанные в отчёте (класс и заголовок):
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''