Техническая информация
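Автозапуск (закрепление в системе) — значения в разделах реестра Run:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1696bef9116078b7fa7adf869ecd9e8c' = '"%APPDATA%\IDMan.Exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '1696bef9116078b7fa7adf869ecd9e8c' = '"%APPDATA%\IDMan.Exe" ..'
Примечание: имя IDMan.Exe совпадает с именем исполняемого файла Internet Download Manager, поэтому признаком служит не само имя файла, а его расположение в корне %APPDATA% в сочетании с указанным именем значения реестра.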
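Файлы в папке автозагрузки и на съемных носителях:
- %HOMEPATH%\Start Menu\Programs\Startup\salah1.exe (папка автозагрузки пользователя)
- <Имя диска съемного носителя>:\SystemeUSB.exe (копия на съемном носителе; вероятно, способ распространения)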
Исключение в брандмауэре Windows (список разрешенных приложений стандартного профиля):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\IDMan.Exe' = '%APPDATA%\IDMan.Exe:*:Enabled:IDMan.Exe'
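Запускаемые процессы (судя по формату записи; заголовок раздела в источнике отсутствует):
- 'C:\salah1.exe'
- '%APPDATA%\IDMan.Exe'
- '%TEMP%\salah1.exe'
- '%TEMP%\mujahid-bug.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\IDMan.Exe" "IDMan.Exe" ENABLE
Примечание: команда netsh добавляет для %APPDATA%\IDMan.Exe то же исключение брандмауэра, которое отражено в записи реестра AuthorizedApplications\List.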
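Файловые операции. Далее идут два списка файлов; заголовки подразделов в источнике утрачены, поэтому по этому фрагменту нельзя определить, какой список относится к созданию файлов, а какой — к их удалению или изменению атрибутов:
- C:\mujahid-bug.exe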
- C:\salah1.exe
- %APPDATA%\IDMan.Exe
- %TEMP%\mujahid-bug.exe
- %TEMP%\aut1.tmp
- %TEMP%\salah1.exe
- %TEMP%\aut2.tmp
- <Имя диска съемного носителя>:\SystemeUSB.exe
- %APPDATA%\IDMan.Exe
- %TEMP%\salah1.exe
- C:\mujahid-bug.exe
- C:\salah1.exe
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
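Сетевая активность:
- '12#####call.myftp.org':81
- DNS ASK 12#####call.myftp.org
Примечание: символы # — по-видимому, маскировка части имени узла в источнике, поэтому запись не может служить точным индикатором; myftp.org — домен службы динамического DNS, соединение устанавливается на порт 81.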
Окна, указанные по имени класса (заголовок WindowName во всех записях пуст):
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''