Техническая информация
Автозагрузка — ключи реестра Run (одно и то же имя параметра в HKLM и HKCU):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '0a0de1e709ec7d3f4ce34c316ac48ee0' = '"%TEMP%\cohrome.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '0a0de1e709ec7d3f4ce34c316ac48ee0' = '"%TEMP%\cohrome.exe" ..'
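Автозагрузка — папка автозагрузки пользователя (имя файла совпадает с именем параметра в ключах Run):
- %HOMEPATH%\Start Menu\Programs\Startup\0a0de1e709ec7d3f4ce34c316ac48ee0.exe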
Брандмауэр Windows — программа добавлена в список разрешённых (запись реестра и соответствующая команда netsh):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\cohrome.exe' = '%TEMP%\cohrome.exe:*:Enabled:cohrome.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\cohrome.exe" "cohrome.exe" ENABLE
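- %TEMP%\cohrome.exe (имя файла похоже на chrome.exe, но отличается написанием; при поиске по журналам следует использовать именно «cohrome.exe»)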
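- Сетевая активность: 'localhost':1122 (направление соединения на странице не указано; адрес localhost сам по себе не является внешним сетевым индикатором)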
- '%TEMP%\cohrome.exe'