Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ec69ad17fcbcefe7b940c75ccac6d743' = '"%APPDATA%\Svchost.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'ec69ad17fcbcefe7b940c75ccac6d743' = '"%APPDATA%\Svchost.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\ec69ad17fcbcefe7b940c75ccac6d743.exe
- %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\upnp device host\upnphost\udhisapi.dll
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\Svchost.exe" "Svchost.exe" ENABLE
- %LOCALAPPDATA%cbqeesqxad.exe
- %LOCALAPPDATA%dovdsalzcn..mp3
- %APPDATA%\svchost.exe
- 'ha####974.ddns.net':4444
- DNS ASK ha####974.ddns.net
- '23#.#55.255.250':1900
- ClassName: '\MSITPro::EventQueue' WindowName: ''
- ClassName: 'Type32_Main_Window' WindowName: ''
- ClassName: 'WMPlayerApp' WindowName: ''
- '%LOCALAPPDATA%cbqeesqxad.exe'
- '%APPDATA%\svchost.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\Svchost.exe" "Svchost.exe" ENABLE' (with a hidden window)
- '%ProgramFiles(x86)%\windows media player\wmplayer.exe' /Play -Embedding