Техническая информация
Автозапуск (закрепление в системе) — параметры в ключах Run и файл в папке автозагрузки:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '0148945426d18f2146bf14aa1d555ad7' = '"%TEMP%\google Chrom.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '0148945426d18f2146bf14aa1d555ad7' = '"%TEMP%\google Chrom.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'hack' = '<LS_APPDATA>\aa.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\0148945426d18f2146bf14aa1d555ad7.exe
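Брандмауэр Windows — запись в списке разрешённых приложений (AuthorizedApplications) стандартного профиля:
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\google Chrom.exe' = '%TEMP%\google Chrom.exe:*:Enabled:google Chrom.exe'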
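Командные строки процессов (вызов netsh добавляет тот же файл в разрешённые программы брандмауэра):
- '%TEMP%\google Chrom.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\google Chrom.exe" "google Chrom.exe" ENABLE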
Файлы на диске (эти же пути указаны в параметрах ключей Run выше):
- %TEMP%\google Chrom.exe
- <LS_APPDATA>\aa.exe
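Сетевая активность (no-ip.biz — домен динамического DNS; имя узла частично скрыто символами #, поэтому для сопоставления по точному имени оно непригодно):
- 'm2#####077.no-ip.biz':1177
- DNS ASK m2#####077.no-ip.biz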
- ClassName: 'Indicator' WindowName: ''