Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '546cec6515b456df97656032cf96ae3e' = '"%ALLUSERSPROFILE%\HelpPane.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] '546cec6515b456df97656032cf96ae3e' = '"%ALLUSERSPROFILE%\HelpPane.exe" ..'
- %HOMEPATH%\start menu\programs\startup\546cec6515b456df97656032cf96ae3e.exe
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%ALLUSERSPROFILE%\HelpPane.exe' = '%ALLUSERSPROFILE%\HelpPane.exe:...
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%ALLUSERSPROFILE%\HelpPane.exe" "HelpPane.exe" ENABLE
- %TEMP%\droppedfile2wdwww543131helppane.exe
- %TEMP%\droppedfile2wdwww543131twd.exe
- %ALLUSERSPROFILE%\helppane.exe
- %TEMP%\droppedfile2wdwww543131helppane.exe
- %ALLUSERSPROFILE%\helppane.exe
- 'ju###lex.kro.kr':8282
- DNS ASK ju###lex.kro.kr
- '%TEMP%\droppedfile2wdwww543131helppane.exe'
- '%TEMP%\droppedfile2wdwww543131twd.exe'
- '%ALLUSERSPROFILE%\helppane.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%ALLUSERSPROFILE%\HelpPane.exe" "HelpPane.exe" ENABLE' (with a hidden window)