Техническая информация
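- Автозапуск через ключ реестра Run: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SunJavaUpdateScheduler' = '%APPDATA%\Java Runtime Environment\jusched.exe' (имя параметра и имя файла имитируют планировщик обновлений Java; запуск jusched.exe из профиля пользователя — %APPDATA% или %TEMP%, — а не из Program Files следует считать признаком подмены)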
- '%APPDATA%\jusched.exe'
- '%APPDATA%\Java Runtime Environment\jusched.exe'
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\%USERNAME%.0FABFBFF000206D7DELUP.bat" "
- %APPDATA%\Java Runtime Environment\jusched.exe
- %APPDATA%\jusched.exe
- <Текущая директория>\%USERNAME%.0FABFBFF000206D7DELUP.bat
- %TEMP%\aut3.tmp
- %TEMP%\jusched.exe
- %TEMP%\aut1.tmp
- %TEMP%\jusched2.exe
- %TEMP%\aut2.tmp
- %APPDATA%\Java Runtime Environment\jusched.exe
- %APPDATA%\jusched.exe
- %TEMP%\jusched2.exe
- %TEMP%\aut3.tmp
- %TEMP%\jusched.exe
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- 'www.au###ot.xaa.pl':80
- www.au###ot.xaa.pl/watchmen/commandGETAll.php
- www.au###ot.xaa.pl/watchmen/commandGET.php
- www.au###ot.xaa.pl/watchmen/clients.php
- DNS ASK www.au###ot.xaa.pl
- ClassName: 'Indicator' WindowName: '(null)'