Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '52661103a5837ce7e3a982774ad22972' = '"%APPDATA%\code.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '52661103a5837ce7e3a982774ad22972' = '"%APPDATA%\code.exe" ..'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\code.exe' = '%APPDATA%\code.exe:*:Enabled:code.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\code.exe" "code.exe" ENABLE
- '%APPDATA%\code.exe'
- %APPDATA%\code.exe
- 'le####.hopto.org':1177
- DNS ASK le####.hopto.org