Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'dVqhlWHg_fjXqKMXMVNpdZhdSJ' = '<SYSTEM32>\HGnelVjPKnNLUY.exe'
- [<HKLM>\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\explorer.exe' = '%WINDIR%\explorer.exe:*:Enabled:dVqhlWHg_fjXqKMXMVNpdZhdSJ'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%WINDIR%\explorer.exe"
- '%WINDIR%\explorer.exe'
- %WINDIR%\explorer.exe
- %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System Check.lnk
- <SYSTEM32>\HGnelVjPKnNLUY.exe
- 'f3##4tt.org':80
- f3##4tt.org/kab42w/
- DNS ASK f3##4tt.org