Техническая информация
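Записи автозапуска в реестре (имя 'Windows File Protection' имитирует название штатного механизма защиты файлов Windows):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows File Protection' = '%APPDATA%\Windows File Protection.exe'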
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'Windows File Protection' = '%APPDATA%\Windows File Protection.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows File Protection' = '%APPDATA%\Windows File Protection.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows File Protection' = 'Windows File Protection.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'Windows File Protection' = 'Windows File Protection.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows File Protection' = 'Windows File Protection.exe'
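- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] 'ођ|°f‘|яяяя~e‘|ћe‘|' = 'ођ|°f‘|яяяя~e‘|ћe‘|:*:Enabled:Windows File Protection' (имя параметра приведено как в источнике и представляет собой нечитаемую последовательность символов; при поиске этой записи в списке разрешённых приложений брандмауэра Windows надёжнее ориентироваться на окончание значения ':*:Enabled:Windows File Protection')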
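- %APPDATA%\Windows File Protection.exe and Settings\%USERNAME%\Application Data\Windows File Protection.exe 304 "<Полный путь к вирусу>" File Protection.exe 304 "<Полный путь к вирусу>" (строка, по-видимому, повреждена при извлечении: путь с пробелами разбит на фрагменты; вероятный исходный вид — командная строка `%APPDATA%\Windows File Protection.exe 304 "<Полный путь к вирусу>"`)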
- %APPDATA%\Windows File Protection.exe
- %APPDATA%\Windows File Protection.exe
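- '92.##1.190.244':4672 (часть IP-адреса, по-видимому, намеренно скрыта символами '##', поэтому как точный сетевой индикатор адрес в таком виде непригоден; порт — 4672)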
- ClassName: 'mIRC' WindowName: ''
- ClassName: 'Indicator' WindowName: ''