Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7d56c29173fb5eb40655431c990b5b9b' = '"%APPDATA%\services.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '7d56c29173fb5eb40655431c990b5b9b' = '"%APPDATA%\services.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\7d56c29173fb5eb40655431c990b5b9b.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\services.exe' = '%APPDATA%\services.exe:*:Enabled:services.e...
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\services.exe" "services.exe" ENABLE
- '<SYSTEM32>\taskkill.exe' /f /im "iExplorer.exe"
- %TEMP%\is-NPF9O.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-NPF9O.tmp\isxdl.dll
- %TEMP%\is-NPF9O.tmp\itdownload.dll
- %APPDATA%\services.exe
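- %HOMEPATH%\Local Settings\Tempservices.exe
- %HOMEPATH%\Local Settings\Tempiexplorer_pc.exe
  (Примечание: имена приведены как есть. Судя по имени «Tempiexplorer_pc.tmp» в следующей строке и по тем же путям в строках запуска ниже, файлы лежат непосредственно в каталоге «Local Settings» и называются «Tempservices.exe» и «Tempiexplorer_pc.exe»; это не опечатка в пути «Temp\…». При поиске по индикаторам следует сопоставлять именно этот путь.)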
- %TEMP%\is-5FFK1.tmp\Tempiexplorer_pc.tmp
- 'al####no.no-ip.biz':2007
- DNS ASK al####no.no-ip.biz
- ClassName: '' WindowName: ''
- '%TEMP%\is-5FFK1.tmp\Tempiexplorer_pc.tmp' /SL5="$400DE,9777128,131584,%HOMEPATH%\Local Settings\Tempiexplorer_pc.exe"
- '%APPDATA%\services.exe'
- '%HOMEPATH%\Local Settings\Tempservices.exe'
- '%HOMEPATH%\Local Settings\Tempiexplorer_pc.exe'