Technical information
- [<HKLM>\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] '' = '"<LS_APPDATA>\pw.exe" /START "%ProgramFiles%\Internet Explorer\iexplore.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'DisableNotifications' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- Security Center
- <LS_APPDATA>\opRSK
- <LS_APPDATA>\pw.exe
- <Full path to file>
- 'se#####illpayment1.com':80
- DNS ASK microsoft.com
- DNS ASK up###eyrvwq.com
- DNS ASK se#####illpayment1.com
- DNS ASK up###ezyeqe.com
- ClassName: 'msascui_class' WindowName: ''
- '<LS_APPDATA>\pw.exe' /GAV <Full path to file>