Техническая информация
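- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\s4.exe' = '%TEMP%\s4.exe:*:Enabled:s4.exe' (эта запись реестра добавляет '%TEMP%\s4.exe' в список разрешённых приложений брандмауэра Windows для стандартного профиля; «*» означает любую область адресов, «Enabled» — что правило включено. То же исключение создаёт приведённая ниже команда netsh firewall add allowedprogram.)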
- 'C:\Extracted\xccx.exe'
- '%TEMP%\1vo7ca1TzlrGzSMjXhNr.exe'
- '%TEMP%\s4.exe'
- '<SYSTEM32>\48021729da3c685397f94a936064899a_uiso9_pe-en.exe'
- '<SYSTEM32>\212.exe'
- '%TEMP%\is-C5FJ5.tmp\48021729da3c685397f94a936064899a_uiso9_pe-en.tmp' /SL5="$40092,3884896,126976,<SYSTEM32>\48021729da3c685397f94a936064899a_uiso9_pe-en.exe"
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\s4.exe" "s4.exe" ENABLE
- %TEMP%\is-VUE0B.tmp\_isetup\_shfoldr.dll
- C:\Extracted\HVMRuntm.dll
- %TEMP%\s4.exe
- %TEMP%\1vo7ca1TzlrGzSMjXhNr.exe
- C:\Extracted\xccx.exe
- <SYSTEM32>\212.exe
- <SYSTEM32>\48021729da3c685397f94a936064899a_uiso9_pe-en.exe
- %TEMP%\sfx.ini
- %TEMP%\is-C5FJ5.tmp\48021729da3c685397f94a936064899a_uiso9_pe-en.tmp
- %TEMP%\sfx.ini
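- 'ha###.no-ip.biz':1177 (имя в зоне динамического DNS no-ip.biz, порт 1177; IP-адрес за таким именем может меняться, поэтому при обнаружении надёжнее опираться на DNS-запросы к этому имени, чем на конкретный адрес. Символы «###», по-видимому, заменяют скрытую в отчёте часть имени.)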
- DNS ASK ha###.no-ip.biz
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'