by Simon Moon
Written in Delphi
Made in Germany
Server: dropped files: C:\WINDOWS\system\WinSys.exe C:\WINDOWS\system\systray.exe.jkl c:\WINDOWS\Start Menu\Programma's\Opstarten\WinSys.exe size: 257 KB port: 25982, 25686, 27160 TCP startup: HKLM\Software\Microsoft\Windows\CurrentVersion\Run "WinSys" HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "SystemTray" HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "WinSys" HKLM\Software\Microsoft\Windows\CurrentVersion\Run "SystemTray" c:\WINDOWS\Start Menu\Programma's\Opstarten Added: HKEY_CLASSES_ROOT\jklfile\shell\open\commandMegaSecurity