Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '45015a7452063c51af81a6b706543149' = '"%TEMP%\your pics.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '45015a7452063c51af81a6b706543149' = '"%TEMP%\your pics.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startupx\system.pif
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\your pics.exe" "your pics.exe" ENABLE (добавляет "%TEMP%\your pics.exe" в список разрешённых программ брандмауэра Windows)
- your pics.exe
- %TEMP%\ixp000.tmp\m.exe
- %TEMP%\ixp000.tmp\m.ex_
- <LS_APPDATA>\csidl_
- <LS_APPDATA>\csidl_x
- %TEMP%\your pics.exe
- %TEMP%\your pics.ex_
- <LS_APPDATA>\csidl_
- <LS_APPDATA>\csidl_x
- %TEMP%\your pics.ex_
- %TEMP%\ixp000.tmp\m.ex_
- %TEMP%\ixp000.tmp\m.exe
- <LS_APPDATA>\csidl_x
- из %TEMP%\ixp000.tmp\m.exe в %TEMP%\ixp000.tmp\m.exex
- из %TEMP%\your pics.exe в %TEMP%\your pics.exex
- %TEMP%\ixp000.tmp\m.exe
- %TEMP%\your pics.exe
- DNS ASK an####12.no-ip.biz
- '%TEMP%\ixp000.tmp\m.exe'
- '%TEMP%\your pics.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\your pics.exe" "your pics.exe" ENABLE (со скрытым окном)