Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\explorer.exe' = '%WINDIR%\explorer.exe:*:Enabled:ENABLE'
- '<SYSTEM32>\netsh.exe' firewall set allowedprogram "%WINDIR%\Explorer.EXE" ENABLE
- %WINDIR%\Explorer.EXE
- 'up###fnow.cn':80
- 'up#####.#alwaresdestructor.com':80
- http://up#####.#alwaresdestructor.com/loader.exe
- http://up###fnow.cn/reports/ServiceReports.php
- DNS ASK up###fnow.cn
- DNS ASK up#####.#alwaresdestructor.com