Техническая информация
Закрепление в системе (автозапуск через ключи реестра Run и папку «Автозагрузка»):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7ff0818892490ec1223c262c5cc0a724' = '"%TEMP%\checker.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '7ff0818892490ec1223c262c5cc0a724' = '"%TEMP%\checker.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\7ff0818892490ec1223c262c5cc0a724.exe
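Изменение настроек брандмауэра Windows (исполняемый файл добавляется в список разрешённых приложений):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\checker.exe' = '%TEMP%\checker.exe:*:Enabled:checker.exe'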
Запускаемые процессы и команды (судя по формату записи; последняя команда добавляет для checker.exe разрешающее правило брандмауэра):
- '%TEMP%\checker.exe'
- '%ALLUSERSPROFILE%\Application Data\hitman_checker\hitman checker\1.0.0.0\temp\hchecker.exe'
- '%ALLUSERSPROFILE%\Application Data\hitman_checker\hitman checker\1.0.0.0\temp\HitmanChecker.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\checker.exe" "checker.exe" ENABLE
Файлы на диске (вероятно, создаваемые или изменяемые образцом; раздел в исходном описании не подписан):
- %TEMP%\checker.exe
- %ALLUSERSPROFILE%\Application Data\hitman_checker\hitman checker\1.0.0.0\temp\hchecker.exe
- %ALLUSERSPROFILE%\Application Data\hitman_checker\hitman checker\1.0.0.0\temp\HitmanChecker.exe
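Сетевая активность (часть имени узла скрыта символами ###; первая запись — узел и порт подключения, вторая — DNS-запрос этого имени):
- 'sk###r.ddns.net':5552
- DNS ASK sk###r.ddns.net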
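Окна, к которым обращается образец (Shell_TrayWnd — класс окна панели задач Windows; вероятно, выполняется поиск этого окна):
- ClassName: 'Shell_traywnd' WindowName: ''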