Техническая информация
Автозапуск (ключи реестра Run и папка автозагрузки Startup):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'cc781a63d12c577a7d9fcdc39ae476aa' = '"%WINDIR%\service.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'cc781a63d12c577a7d9fcdc39ae476aa' = '"%WINDIR%\service.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\cc781a63d12c577a7d9fcdc39ae476aa.exe
Добавление исключения в брандмауэр Windows (список AuthorizedApplications):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\service.exe' = '%WINDIR%\service.exe:*:Enabled:service.exe'
Запуск процессов (по-видимому, список запускаемых исполняемых файлов и системных команд; пути даны в кавычках, при наличии — с аргументами командной строки):
- '%TEMP%\is-G6QCG.tmp\Tempiexplorer_pc.tmp' /SL5="$400DE,9777128,131584,%HOMEPATH%\Local Settings\Tempiexplorer_pc.exe"
- '%WINDIR%\service.exe'
- '%HOMEPATH%\Local Settings\Tempsystem.exe'
- '%HOMEPATH%\Local Settings\Tempiexplorer_pc.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%WINDIR%\service.exe" "service.exe" ENABLE
- '<SYSTEM32>\taskkill.exe' /f /im "iExplorer.exe"
Пути к файлам (по-видимому, файлы, создаваемые в системе; заголовок раздела в тексте отсутствует):
- %TEMP%\is-UTGGP.tmp\isxdl.dll
- %WINDIR%\service.exe
- %TEMP%\is-UTGGP.tmp\itdownload.dll
- %TEMP%\is-UTGGP.tmp\_isetup\_shfoldr.dll
- %HOMEPATH%\Local Settings\Tempsystem.exe
- %HOMEPATH%\Local Settings\Tempiexplorer_pc.exe
- %TEMP%\is-G6QCG.tmp\Tempiexplorer_pc.tmp
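Сетевая активность (узел и порт 2008, а также DNS-запрос того же имени; часть имени скрыта символами #):
- 'al####no.no-ip.biz':2008
- DNS ASK al####no.no-ip.biz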
- ClassName: '' WindowName: ''