Техническая информация
Автозапуск (закрепление в системе) — значения в ключах Run и файл в папке автозагрузки:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '72c4e307d92464836cc471631e010fb0' = '"%TEMP%\TooL.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '72c4e307d92464836cc471631e010fb0' = '"%TEMP%\TooL.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\72c4e307d92464836cc471631e010fb0.exe
Брандмауэр Windows — программа добавляется в список разрешённых приложений (запись в реестре и команда netsh):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\TooL.exe' = '%TEMP%\TooL.exe:*:Enabled:TooL.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\TooL.exe" "TooL.exe" ENABLE
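Исполняемый файл во временном каталоге (по-видимому, первая запись — запуск на исполнение, вторая — созданный файл; на странице записи не подписаны):
- '%TEMP%\TooL.exe'
- %TEMP%\TooL.exe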
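Сетевая активность — соединение с узлом по порту 1177 и DNS-запрос его имени (символы ### в имени узла, по-видимому, маскируют часть домена, поэтому полного имени для поиска по журналам здесь нет):
- 'qh###r.ddns.net':1177
- DNS ASK qh###r.ddns.net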
- ClassName: 'Indicator' WindowName: ''