Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4f0553a83ba331d71f4b6c3408663a1e' = '"%APPDATA%\flash plyer.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '4f0553a83ba331d71f4b6c3408663a1e' = '"%APPDATA%\flash plyer.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\4f0553a83ba331d71f4b6c3408663a1e.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\flash plyer.exe' = '%APPDATA%\flash plyer.exe:*:Enabled:flash plyer.exe'
- '%APPDATA%\flash plyer.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\flash plyer.exe" "flash plyer.exe" ENABLE
- %APPDATA%\flash plyer.exe
- 'ni####009.no-ip.biz':1177
- DNS ASK ni####009.no-ip.biz
- ClassName: 'Indicator' WindowName: '(null)'