Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '07d943888f931e4c62ade356b8af4fed' = '"%TEMP%\showmain.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '07d943888f931e4c62ade356b8af4fed' = '"%TEMP%\showmain.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\07d943888f931e4c62ade356b8af4fed.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\showmain.exe' = '%TEMP%\showmain.exe:*:Enabled:showmain.exe'
- '%TEMP%\showmain.exe'
- '%HOMEPATH%\Local Settings\Tempbh.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\showmain.exe" "showmain.exe" ENABLE
- %TEMP%\showmain.exe
- %HOMEPATH%\Local Settings\Tempbh.exe
- 'aw#####y12.no-ip.biz':5552
- DNS ASK aw#####y12.no-ip.biz
- ClassName: 'Indicator' WindowName: ''