by Simon Moon
Written in Delphi
Made in Germany
Server:
dropped files:
C:\WINDOWS\system\WinSys.exe
C:\WINDOWS\system\systray.exe.jkl
size: 317 KB
port: 25982, 25686, 27160 TCP
startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "SystemTray"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "WinSys"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "SystemTray"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "WinSys"
Added:
HKCR\jklfile\shell\open\command "(Default)"

MegaSecurity