Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '4103df7d432ff6d6bc0aa928ec8490da' = '"%APPDATA%\1.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] '4103df7d432ff6d6bc0aa928ec8490da' = '"%APPDATA%\1.exe" ..'
- %HOMEPATH%\start menu\programs\startup\4103df7d432ff6d6bc0aa928ec8490da.exe
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\1.exe' = '%APPDATA%\1.exe:*:Enabled:1.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\1.exe" "1.exe" ENABLE
- %APPDATA%\start.bat
- %APPDATA%\2.exe
- C:\documents\1.exe
- C:\documents\1341.jpg
- %APPDATA%\1.exe
- '17#.#0.121.124':5552 (адрес приведён с маскировкой: часть цифр заменена символом «#»)
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
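- '%APPDATA%\2.exe' -pghosthackonelove -d%APPDATA% (судя по ключам -p и -d, 2.exe — вероятно, защищённый паролем самораспаковывающийся архив, содержимое которого извлекается в %APPDATA%)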
- 'C:\documents\1.exe'
- '%APPDATA%\1.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\1.exe" "1.exe" ENABLE (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\start.bat" "
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen C:\Documents\1341.jpg