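Техническая информация
(Подзаголовки разделов в этом списке отсутствуют. Повторяющиеся пути, по-видимому, относятся к разным операциям с файлами — созданию, изменению атрибутов, удалению, — поэтому точное действие для каждой записи следует уточнять по исходному отчёту.)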
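- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SunJavaUpdateScheduler' = '%APPDATA%\Java Runtime Environment\jusched.exe'
  (Автозапуск при входе пользователя: имя параметра и имя файла имитируют планировщик обновлений Java, но путь ведёт в профиль пользователя (%APPDATA%), а не в каталог установки Java — именно это расхождение стоит проверять при разборе записи.)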
- '%APPDATA%\jusched.exe'
- '%APPDATA%\Java Runtime Environment\jusched.exe'
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\%USERNAME%_0000031A-0000-0000-C000-000000000046DELUP.bat" "
- %TEMP%\scare.mp3
- %TEMP%\aut4.tmp
- %TEMP%\aut3.tmp
- <Текущая директория>\%USERNAME%_0000031A-0000-0000-C000-000000000046DELUP.bat
- %TEMP%\scare.bmp
- %TEMP%\aut5.tmp
- %TEMP%\aut2.tmp
- %TEMP%\jusched.exe
- %TEMP%\aut1.tmp
- %APPDATA%\Java Runtime Environment\jusched.exe
- %APPDATA%\jusched.exe
- %TEMP%\jusched2.exe
- %APPDATA%\Java Runtime Environment\jusched.exe
- %APPDATA%\jusched.exe
- %TEMP%\aut3.tmp
- %TEMP%\aut4.tmp
- %TEMP%\aut5.tmp
- %TEMP%\jusched2.exe
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %TEMP%\jusched.exe
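- 'www.av###r.xaa.pl':80
  (Часть имени узла скрыта символами ###, поэтому для точного сопоставления оно непригодно; при поиске в журналах прокси и DNS опирайтесь на видимую часть имени и на пути /avatar/*.php, перечисленные ниже.)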
- www.av###r.xaa.pl/avatar/clients.php
- www.av###r.xaa.pl/avatar/commandGETAll.php
- www.av###r.xaa.pl/avatar/commandGET.php
- DNS ASK www.av###r.xaa.pl
- ClassName: 'Indicator' WindowName: '(null)'