Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\instup.exe] 'debugger' = 'regedit /s'
- '' (загружен из сети Интернет)
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="Rule" dir=out action=block program="%ProgramFiles%\AVAST Software\Avast\setup\instup.exe" enable=yes
- C:\ProgramData\file.exe
- 'um#####ervoso.com.br':80
- 'localhost':1039
- http://www.um#####ervoso.com.br/home/topo.png via um#####ervoso.com.br
- DNS ASK www.um#####ervoso.com.br
- 'C:\ProgramData\file.exe'
- '<SYSTEM32>\cmd.exe' /c netsh advfirewall firewall add rule name="Rule" dir=out action=block program="%ProgramFiles%\AVAST Software\Avast\setup\instup.exe" enable=yes