Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Application' = '%HOMEPATH%\Start Menu\Programs\Startup\app.exe -boot'
- %HOMEPATH%\Start Menu\Programs\Startup\app.exe
- Отключает уведомления панели задач
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram program = STcONaURjstoJeQ(uMqeEfSfaGeNmho("yJmAEIBBXdvRXSFRGegUiJnA")) name = STcONaURjstoJeQ(uMqeEfSfaGeNmho("XQ0V1bwVGZ0FQZ==")) mode = ENABLE
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\zugu[1].exe
- %APPDATA%\log\pass.exe
- %APPDATA%\log\Passwords.txt
- %APPDATA%\log\AutoUpdate.exe
- %TEMP%\aut1.tmp
- %TEMP%\hncdfim
- %TEMP%\aut2.tmp
- %TEMP%\aut2.tmp
- %TEMP%\hncdfim
- %TEMP%\aut1.tmp
- 'vi#####smsonline.site':80
- http://vi#####smsonline.site/zugu.exe
- DNS ASK vi#####smsonline.site
- '%HOMEPATH%\Start Menu\Programs\Startup\app.exe'
- '<SYSTEM32>\cmd.exe' /c %APPDATA%\log\pass.exe all
- '<SYSTEM32>\cmd.exe' /c netsh firewall add allowedprogram program = STcONaURjstoJeQ(uMqeEfSfaGeNmho("yJmAEIBBXdvRXSFRGegUiJnA")) name = STcONaURjstoJeQ(uMqeEfSfaGeNmho("XQ0V1bwVGZ0FQZ==")) mode = ENABLE
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe'