Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\windows.vbs
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\RarSFX1\windows7.exe' = '%TEMP%\RarSFX1\windows7.exe:*:Enabled:...
- '%TEMP%\RarSFX0\file.exe' -pfzh21djnliw
- '%TEMP%\RarSFX1\windows7.exe'
- '%TEMP%\Microsoft.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\RarSFX0\ijhgkie.vbs"
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\RarSFX1\windows7.exe" "windows7.exe" ENABLE
- %TEMP%\RarSFX0\file.exe
- %ProgramFiles%\Microsoft Setup Bootstrapper\Microsoft Setup Bootstrapper\Uninstall.ini
- %TEMP%\RarSFX0\ijhgkie.vbs
- %ALLUSERSPROFILE%\Application Data\Isolated Storage\{61006500-4B00-4D00-3300-39007A005800}
- %TEMP%\RarSFX1\windows7.exe
- %TEMP%\$inst\4.tmp
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\5.tmp
- %ProgramFiles%\Microsoft Setup Bootstrapper\Microsoft Setup Bootstrapper\Uninstall.exe
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\5.tmp
- %TEMP%\RarSFX0\file.exe
- %TEMP%\$inst\4.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- '09##.ddns.net':2020
- DNS ASK 09##.ddns.net
- ClassName: 'EDIT' WindowName: ''