Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '75d20e9dfed405dbb0f835558714cf95' = '"%TEMP%\explorer.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '75d20e9dfed405dbb0f835558714cf95' = '"%TEMP%\explorer.exe" ..'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\explorer.exe' = '%TEMP%\explorer.exe:*:Enabled:explorer.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\explorer.exe" "explorer.exe" ENABLE
- '%TEMP%\explorer.exe'
- %HOMEPATH%\Local Settings\Temp:{31005300-4D00-7600-5600-75002B003400}
- %ALLUSERSPROFILE%\Application Data\Isolated Storage\{31005300-4D00-7600-5600-75002B003400}
- <Текущая директория>:{31005300-4D00-7600-5600-75002B003400}
- %TEMP%\explorer.exe
- 'si#####cker98.no-ip.biz':5552
- DNS ASK si#####cker98.no-ip.biz