Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'd17de3a1ae19a122b329daf28aa6ff3b' = '"%TEMP%\alonewolf_nj.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'd17de3a1ae19a122b329daf28aa6ff3b' = '"%TEMP%\alonewolf_nj.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\alonewolf_nj.exe" "alonewolf_nj.exe" ENABLE
- alonewolf_nj.exe
- %TEMP%\alonewolf_nj.exe
- DNS ASK al#######-45132.portmap.host
- '%TEMP%\alonewolf_nj.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\alonewolf_nj.exe" "alonewolf_nj.exe" ENABLE' (со скрытым окном)