Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '38bb4214123d1047f97bfa344be2a632' = '"%HOMEPATH%\abass.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '38bb4214123d1047f97bfa344be2a632' = '"%HOMEPATH%\abass.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\38bb4214123d1047f97bfa344be2a632.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\abass.exe' = '%HOMEPATH%\abass.exe:*:Enabled:abass.exe'
- '%HOMEPATH%\abass.exe'
- '%TEMP%\270.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%HOMEPATH%\abass.exe" "abass.exe" ENABLE
- %HOMEPATH%\abass.exe
- %TEMP%\270.exe
- 'hu###.no-ip.biz':1177
- DNS ASK hu###.no-ip.biz
- ClassName: 'Indicator' WindowName: '(null)'