Техническая информация
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'InstallShield Update Service' = '"%APPDATA%\529787.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'InstallShield Update Service' = '"%APPDATA%\529787.exe"'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '"%APPDATA%\529787.exe"' = '"%APPDATA%\529787.exe":*:Enabled:Instal...
- %APPDATA%\529787.exe
- <Полный путь к файлу>
- %APPDATA%\529787.exe
- 'localhost':80
- DNS ASK pt##1.in
- DNS ASK pt##3.in
- DNS ASK pt##8.in
- DNS ASK pt##21.in
- DNS ASK pt##55.in
- DNS ASK pt##144.in
- DNS ASK pt##377.in
- DNS ASK pt##987.in
- DNS ASK pt##2584.in
- '%APPDATA%\529787.exe'
- '%APPDATA%\529787.exe' ' (со скрытым окном)