Technical information
- [<HKCU>\software\Microsoft\Windows\CurrentVersion\Run] '7be74842fcb24a292c45ed20c02e9871' = '"%APPDATA%\svhost.exe" ..'
- [<HKLM>\software\Microsoft\Windows\CurrentVersion\Run] '7be74842fcb24a292c45ed20c02e9871' = '"%APPDATA%\svhost.exe" ..'
- %HOMEPATH%\start menu\programs\startup\7be74842fcb24a292c45ed20c02e9871.exe
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\svhost.exe' = '%APPDATA%\svhost.exe:*:Enabled:svhost.exe...
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\svhost.exe" "svhost.exe" ENABLE
- %APPDATA%\svhost.exe
- 'an####55.hopto.org':1414
- 'localhost':1414
- DNS ASK an####55.hopto.org
- '%APPDATA%\svhost.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\svhost.exe" "svhost.exe" ENABLE' (with hidden window)