Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6322dd86bb577402456df325fa5cd290' = '"%TEMP%\insta.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '6322dd86bb577402456df325fa5cd290' = '"%TEMP%\insta.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\6322dd86bb577402456df325fa5cd290.exe
- %HOMEPATH%\Start Menu\Programs\Startup\SAW.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\insta.exe' = '%TEMP%\insta.exe:*:Enabled:insta.exe'
- '%TEMP%\insta.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\insta.exe" "insta.exe" ENABLE
- '%TEMP%\Instagram Checker v.Special.exe'
- '%TEMP%\SAW.exe'
- %TEMP%\Instagram Checker v.Special.exe
- %TEMP%\insta.exe
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\SAW.exe
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- 'in####56.ddns.net':9876
- 'www.in###gram.com':443
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK in####56.ddns.net
- DNS ASK www.in###gram.com
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: ''