Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'b9631d22078637d3cb542c9d51317cff' = '"%APPDATA%\Cmd.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'b9631d22078637d3cb542c9d51317cff' = '"%APPDATA%\Cmd.exe" ..'
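- %HOMEPATH%\Start Menu\Programs\Startup\b9631d22078637d3cb542c9d51317cff.exe
  (файл в папке автозагрузки пользователя; его имя совпадает с именем параметра в ключах Run, то есть это ещё одна точка автозапуска той же программы)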
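- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\Cmd.exe' = '%APPDATA%\Cmd.exe:*:Enabled:Cmd.exe'
  (запись в списке разрешённых приложений брандмауэра Windows, стандартный профиль; область «*» означает, что обмен разрешён с любых адресов; соответствует исключению, которое добавляет приведённая в этом списке команда netsh)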
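- '%APPDATA%\Cmd.exe'
  (штатный интерпретатор команд Windows находится в <SYSTEM32>\cmd.exe; исполняемый файл с таким именем в %APPDATA% не является системным компонентом, поэтому при проверке следует сверять полный путь, а не только имя процесса)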
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\Cmd.exe" "Cmd.exe" ENABLE
- %APPDATA%\Cmd.exe
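- DNS ASK ch####a13.no-ip.biz
  (DNS-запрос на разрешение имени; символы «#», по-видимому, заменяют скрытую в отчёте часть имени узла; no-ip.biz — домен сервиса динамического DNS, поэтому IP-адрес узла может меняться, и надёжнее отслеживать запросы по имени)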
- ClassName: 'Indicator' WindowName: '(null)'