Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{35F19163-3FE4-E402-3057-E15EE832BE3C}' = '"%APPDATA%\Finur\adogo.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\ctfmon.exe' = '<SYSTEM32>\ctfmon.exe:*:Enabled:ctfmon.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\explorer.exe' = '%WINDIR%\explorer.exe:*:Enabled:explorer.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\Finur\adogo.exe' = '%APPDATA%\Finur\adogo.exe:*:Enabled:adogo.exe'
- '%APPDATA%\Finur\adogo.exe'
- <SYSTEM32>\cscript.exe
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1609' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1406' = '00000000'
- %TEMP%\tmpd45449a5.bat
- %APPDATA%\Icbue\amopd.ryo
- %APPDATA%\Finur\adogo.exe
- 'fe##it.net':80
- fe##it.net/tt.bin
- DNS ASK fe##it.net
- ClassName: 'Indicator' WindowName: '(null)'