Техническая информация
Автозапуск и распространение (ключи Run в реестре, папка автозагрузки, съемный носитель):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '7d56c29173fb5eb40655431c990b5b9b' = '"%APPDATA%\services.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '7d56c29173fb5eb40655431c990b5b9b' = '"%APPDATA%\services.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\7d56c29173fb5eb40655431c990b5b9b.exe
- <Имя диска съемного носителя>:\7d56c29173fb5eb40655431c990b5b9b.exe
Исключение в брандмауэре Windows (список AuthorizedApplications; значение в источнике обрезано):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\services.exe' = '%APPDATA%\services.exe:*:Enabled:services.e...
Запускаемые процессы и командные строки:
- '%APPDATA%\services.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\services.exe" "services.exe" ENABLE
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shell32.dll,OpenAs_RunDLL %TEMP%\video eltemas dokhtar irani.mp4
- '%TEMP%\Wind.exe'
Файлы на диске:
- %TEMP%\3885c4dd-0f20-4d27-95a1-1dc9867effa0\AgileDotNetRT.dll
- %APPDATA%\services.exe
- %TEMP%\video eltemas dokhtar irani.mp4
- %TEMP%\Wind.exe
- <Имя диска съемного носителя>:\7d56c29173fb5eb40655431c990b5b9b.exe
Сетевая активность (имя узла в источнике частично замаскировано символами #):
- 'ho####me.hopto.org':5223
- DNS-запрос (DNS ASK): ho####me.hopto.org
Окна (имя класса / заголовок):
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''