Техническая информация
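- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = 'sp3_bak.dll,jjmpdf.dll,jjmprotect.dll' (библиотеки, перечисленные в AppInit_DLLs, Windows загружает в процессы, использующие user32.dll, если механизм AppInit включён; при проверке системы это значение стоит сверять с ожидаемым)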
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'jjmclient' = '<SYSTEM32>\jjmClient.exe'
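- [<HKLM>\SYSTEM\ControlSet001\Services\usbfilt] 'Start' = '00000000' (значение Start = 0 означает запуск на этапе загрузки системы (boot start); судя по имени, сервису соответствует файл <DRIVERS>\usbfilt.sys из списка ниже)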
- <SYSTEM32>\jjmClient.exe
- <SYSTEM32>\rundll32.exe magicdel.dll,_MagicDel@16 <Полный путь к вирусу>
- <SYSTEM32>\jjmClient.exe
- <SYSTEM32>\unjjmclient.exe
- <SYSTEM32>\jjmwuServer.dll
- <SYSTEM32>\magicdel.dll
- <SYSTEM32>\CenterAddr.txt
- <SYSTEM32>\jjmClient.inichange
- <SYSTEM32>\jjmdev.dll
- <SYSTEM32>\sp3_bak.ini
- <SYSTEM32>\jjmpdf.dll
- <SYSTEM32>\sp3_bak.dll
- <DRIVERS>\usbfilt.sys
- <SYSTEM32>\jjmntasksys.dll
- <SYSTEM32>\jjmprotect.dll
- <SYSTEM32>\magicdel.dll
- <SYSTEM32>\magicdel.dll
- <SYSTEM32>\CenterAddr.txt
- '<IP-адрес в локальной сети>':4089
- 'any':4089
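- '25#.#55.255.255':6868 (часть цифр адреса в исходном отчёте заменена символами '#', по-видимому намеренно; в таком виде строку нельзя использовать как точный сетевой индикатор)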