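Техническая информация
Ниже без подзаголовков перечислены индикаторы: записи реестра для автозапуска (ключи Run, Policies\Explorer\Run и Active Setup\Installed Components), пути к файлам и процессам, сетевые адреса с портом и DNS-запрос. Символы «#» в имени хоста, по-видимому, являются маскировкой, поэтому в таком виде домен непригоден для точного сопоставления; повторяющиеся пути, вероятно, относятся к разным действиям, которые в этом фрагменте не подписаны.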
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Service' = '%WINDIR% host\service.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Service' = '%WINDIR% host\service.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Windows Host' = '%WINDIR% host\service.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Host process' = '%WINDIR% host\service.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{OK4EB72A-G47P-D7W8-L27N-MQLCEO0OLQ64}] 'StubPath' = '%WINDIR% host\service.exe Restart'
- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{OK4EB72A-G47P-D7W8-L27N-MQLCEO0OLQ64}] 'StubPath' = '%WINDIR% host\service.exe'
- %WINDIR%\syswow64\explorer.exe
- %APPDATA%\server.exe
- %WINDIR% host\service.exe
- %TEMP%\user2.txt
- %APPDATA%\userlog.dat
- %TEMP%\user7
- %TEMP%\user8
- %WINDIR% host\service.exe
- %APPDATA%\userlog.dat
- %TEMP%\user2.txt
- %TEMP%\user8
- %TEMP%\user7
- %TEMP%\user8
- %TEMP%\user7
- 'localhost':100
- 'le#####tchyou.no-ip.biz':100
- DNS ASK le#####tchyou.no-ip.biz
- '%APPDATA%\server.exe'
- '%WINDIR% host\service.exe'
- '%WINDIR%\syswow64\explorer.exe'