Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\dbaa873a4b2346a5b6b2b6186c7edd29.exe
  (файл расположен в папке автозагрузки пользователя, то есть запускается при входе в систему)
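- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\helper.exe' = '%TEMP%\helper.exe:*:Enabled:helper.exe'
  (запись в списке разрешённых приложений брандмауэра Windows, стандартный профиль: для '%TEMP%\helper.exe' задано состояние Enabled)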
- '%TEMP%\helper.exe'
- '%ALLUSERSPROFILE%\Application Data\helper.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\helper.exe" "helper.exe" ENABLE
  (команда добавляет '%TEMP%\helper.exe' в список программ, разрешённых брандмауэром Windows)
- '<SYSTEM32>\cmd.exe' /K "%ALLUSERSPROFILE%\Application Data\helper.exe"
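- '<SYSTEM32>\reg.exe' reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "5f5b56a1-7739-4cc6-953c-3c10bf944d08" /t REG_SZ /d "%ALLUSERSPROFILE%\Application Data\helper.exe" & exit
  (команда создаёт в ключе автозапуска Run параметр "5f5b56a1-7739-4cc6-953c-3c10bf944d08", указывающий на '%ALLUSERSPROFILE%\Application Data\helper.exe')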
- helper.exe
- %TEMP%\helper.exe
- %ALLUSERSPROFILE%\Application Data\helper.exe
- %ALLUSERSPROFILE%\Application Data\helper.exe
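- 'ka####.selfip.net':49123
- DNS ASK ka####.selfip.net
  (часть имени узла заменена символами #### уже в самом источнике, поэтому полное доменное имя по этой странице восстановить нельзя; судя по формату записей, это DNS-запрос имени и обращение к тому же узлу на порт 49123)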