Техническая информация
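- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows .NET Runtime Optimization Service v2.0.50727_X86' = '<LS_APPDATA>\HGR\avp_update.exe' (запись автозапуска в разделе Run; имя параметра похоже на название штатной службы .NET, тогда как файл лежит в каталоге профиля пользователя — это несоответствие полезно как признак при проверке автозапуска)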
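- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<LS_APPDATA>\HGR\avp_update.exe' = '<LS_APPDATA>\HGR\avp_update.exe:*:Enabled:Windows .NET Runtime Optimization Service v2.0.50727_X86' (исключение брандмауэра Windows для того же файла; в отчёте указан ControlSet001 — на проверяемой системе следует смотреть активный набор параметров, CurrentControlSet)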
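- '<LS_APPDATA>\HGR\ntsvchost.exe' (имя напоминает системный svchost.exe, но путь указывает на каталог профиля пользователя, а не на <SYSTEM32>)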
- '<LS_APPDATA>\HGR\avp_update.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T (штатная утилита Windows; её запуск сам по себе не является признаком заражения)
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "<LS_APPDATA>\HGR\avp_update.exe" "Windows .NET Runtime Optimization Service v2.0.50727_X86" ENABLE
- <LS_APPDATA>\HGR\ntsvchost.exe
- <LS_APPDATA>\HGR\avp_update.exe
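- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini (этот файл и PerfStringBackup.TMP, по-видимому, появляются как побочный результат работы wmiadap.exe и как индикаторы малоинформативны — требует подтверждения)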
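- 'do####atmost.com':80 (здесь и ниже часть имени домена скрыта символами # в самом источнике; полные имена на странице не приведены, поэтому напрямую использовать эти записи для блокировки или поиска нельзя)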
- 'ns###esite.com':80
- do####atmost.com/rew_v.php
- ns###esite.com/faq.php
- DNS ASK do####atmost.com (DNS-запрос имени)
- DNS ASK ns###esite.com (DNS-запрос имени)