Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '88010cb8ba9b87b7a7aca23bf9530071' = '"%TEMP%\fjf43bh.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '88010cb8ba9b87b7a7aca23bf9530071' = '"%TEMP%\fjf43bh.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\88010cb8ba9b87b7a7aca23bf9530071.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\fjf43bh.exe' = '%TEMP%\fjf43bh.exe:*:Enabled:fjf43bh.exe'
- '%TEMP%\fjf43bh.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\fjf43bh.exe" "fjf43bh.exe" ENABLE
- <LS_APPDATA>\IsolatedStorage\3skslwmx.m4z\jmn0ckfe.mbi\Url.itxptamjmqxv31552vpp2uid3ms4goz5\AssemFiles\E25531FE\Usages.bin
- <LS_APPDATA>\IsolatedStorage\3skslwmx.m4z\jmn0ckfe.mbi\Url.itxptamjmqxv31552vpp2uid3ms4goz5\info.dat
- %TEMP%\fjf43bh.exe
- <LS_APPDATA>\IsolatedStorage\3skslwmx.m4z\jmn0ckfe.mbi\Url.itxptamjmqxv31552vpp2uid3ms4goz5\identity.dat
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''