Техническая информация
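- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Sun(tm)' = '<SYSTEM32>\java\svchost.exe' (параметр автозапуска при входе пользователя в систему; штатный svchost.exe расположен непосредственно в <SYSTEM32>, поэтому одноимённый файл в подкаталоге java — признак маскировки под системный процесс)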
- <SYSTEM32>\java\svchost.exe
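- <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen "%TEMP%\3.JPG" (открывает изображение 3.JPG стандартным средством просмотра изображений Windows; вероятно, картинка показывается пользователю для отвлечения внимания)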
- %WINDIR%\Explorer.EXE
- %TEMP%\PACKAGEINFO
- %TEMP%\PERSISTANCE
- %TEMP%\NETDATA
- %TEMP%\KEYLOGGER
- %TEMP%\MUTEXNAME
- %TEMP%\POWERNAME
- %TEMP%\USEMUTEX
- %TEMP%\USEPASS
- %TEMP%\SERVERID
- %TEMP%\POWERPERS
- %TEMP%\PREFIXTYPE
- %TEMP%\DVCLAL
- %TEMP%\FILEATTRIB
- %TEMP%\DIRATTRIB
- <SYSTEM32>\java\svchost.exe
- %TEMP%\3.JPG
- %TEMP%\FULLPATH
- %TEMP%\ISBIND
- %TEMP%\ISPOWER
- %TEMP%\IMIN
- %TEMP%\GENCODE
- %TEMP%\IMAX
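- 'ku####ix.no-ip.info':2003 (сетевой адрес и порт; символы #### в имени узла, судя по всему, скрыты в самом описании; no-ip.info — домен службы динамического DNS, поэтому IP-адрес узла может меняться, и для обнаружения надёжнее опираться на имя и порт, чем на конкретный IP)
- DNS ASK ku####ix.no-ip.info (DNS-запрос того же имени узла)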
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''