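Техническая информация
Ниже без подзаголовков перечислены индикаторы разных типов: запись автозапуска в ветке реестра Run, командные строки процессов, пути к файлам в %HOMEPATH%, сетевые адреса с DNS-запросом и классы окон. Символ «#» недопустим в DNS-имени, поэтому имя узла ol#.myip.dk приведено не дословно (по-видимому, часть адреса замаскирована).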
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'JokerLoader' = '%HOMEPATH%\Joker\JokerLoader.js'
- '<SYSTEM32>\cmd.exe' /c ""%HOMEPATH%\Joker\Joker.bat" -autorun"
- '<SYSTEM32>\attrib.exe' +S +H +A "%HOMEPATH%\Joker"
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\Joker\JokerLoader.js"
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\Joker\JokerLoader.js" -autorun
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %HOMEPATH%\Joker\picture.jpg
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v JokerLoader /t REG_SZ /d "%HOMEPATH%\Joker\JokerLoader.js" /f
- %HOMEPATH%\Recent\Joker.lnk
- %HOMEPATH%\Recent\picture.lnk
- %HOMEPATH%\Joker\picture.jpg
- %HOMEPATH%\Joker\digit.dat
- %HOMEPATH%\ncftp\firewall.txt
- %HOMEPATH%\Joker\botname.dat
- %HOMEPATH%\Joker\taskdone.dat
- %HOMEPATH%\Joker\ncftpput.exe
- %HOMEPATH%\Joker\arj.exe
- %HOMEPATH%\Joker\tree2.js
- %HOMEPATH%\Joker\sleep.bat
- %HOMEPATH%\Joker\cap.exe
- %HOMEPATH%\Joker\ncftpget.exe
- %HOMEPATH%\Joker\JokerLoader.js
- %HOMEPATH%\Joker\Joker.bat
- 'ol#.myip.dk':80
- 'localhost':1038
- DNS ASK ol#.myip.dk
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'