Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'e5d5813f269e4376739dab7d1bfdb8cf' = '"%WINDIR%\svchost.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'e5d5813f269e4376739dab7d1bfdb8cf' = '"%WINDIR%\svchost.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\e5d5813f269e4376739dab7d1bfdb8cf.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\svchost.exe' = '%WINDIR%\svchost.exe:*:Enabled:svchost.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%WINDIR%\svchost.exe" "svchost.exe" ENABLE
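- %WINDIR%:{56006F00-5300-7A00-5100-7A006E006700} (запись вида «путь:{GUID}» обозначает альтернативный поток данных NTFS, прикреплённый к каталогу; в обычном списке файлов он не отображается, для проверки можно использовать dir /r)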
- %ALLUSERSPROFILE%\Application Data\Isolated Storage\{56006F00-5300-7A00-5100-7A006E006700}
- %WINDIR%:{72003100-3200-5100-4A00-470036005500}
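- %WINDIR%\svchost.exe (имя совпадает с системным процессом, но штатный svchost.exe расположен в <SYSTEM32>; файл с таким именем непосредственно в %WINDIR% — признак маскировки)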
- <Текущая директория>:{56006F00-5300-7A00-5100-7A006E006700}
- <Текущая директория>:{72003100-3200-5100-4A00-470036005500}
- %ALLUSERSPROFILE%\Application Data\Isolated Storage\{72003100-3200-5100-4A00-470036005500}
- 'ra###e.ddns.net':1177
- DNS ASK ra###e.ddns.net
- '%WINDIR%\svchost.exe'