Техническая информация
Закрепление в системе (автозапуск через ключи реестра Run и папку автозагрузки):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'd6ee12233d7a41a31ddb46c954b03276' = '"%TEMP%\Steem.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'd6ee12233d7a41a31ddb46c954b03276' = '"%TEMP%\Steem.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\d6ee12233d7a41a31ddb46c954b03276.exe
Изменение настроек брандмауэра Windows (добавление %TEMP%\Steem.exe в список разрешённых приложений):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\Steem.exe' = '%TEMP%\Steem.exe:*:Enabled:Steem.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\Steem.exe" "Steem.exe" ENABLE
- '%TEMP%\Steem.exe'
- %TEMP%\Steem.exe
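Сетевая активность (обращение к узлу по порту 1993 и DNS-запрос этого же имени; символы # в имени узла, по-видимому, скрывают его часть в исходном отчёте):
- 'in####2.hopto.org':1993
- DNS ASK in####2.hopto.org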