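Техническая информация
Ниже перечислены записи автозапуска в реестре, командная строка запуска, пути к файлам, сетевые обращения и параметры окна. Файл javaw.exe находится в %APPDATA%\OracleJava, то есть в профиле пользователя, а запись автозапуска названа 'Windows NT Service' — эти имена сами по себе не подтверждают принадлежность файла к Java или Windows.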
- [<HKCU>\Software\Microsoft\Active Setup\Installed Components\{B3DB0D62-B481-4929-888B-49F426C1A136}] 'StubPath' = '%APPDATA%\OracleJava\javaw.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{B3DB0D62-B481-4929-888B-49F426C1A136}] 'StubPath' = '%APPDATA%\OracleJava\javaw.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows NT Service' = '%APPDATA%\OracleJava\javaw.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows NT Service' = '%APPDATA%\OracleJava\javaw.exe'
- '%APPDATA%\OracleJava\javaw.exe' -m "<Полный путь к вирусу>"
- %WINDIR%\Explorer.EXE
- %APPDATA%\nsskrnl
- %APPDATA%\OracleJava\javaw.exe
- %APPDATA%\nsskrnl
- %APPDATA%\OracleJava\javaw.exe
- 'ms####eworkx86.com':80
- DNS-запрос (DNS ASK): ms####eworkx86.com
- ClassName: 'Indicator' WindowName: '(null)'