Техническая информация
Записи автозапуска в реестре (ключи Run в HKLM и HKCU):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'a075592d1b832d9af24088b4af6edfb7' = '"%APPDATA%\update.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'a075592d1b832d9af24088b4af6edfb7' = '"%APPDATA%\update.exe" ..'
Запись в списке разрешённых приложений брандмауэра Windows (AuthorizedApplications):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\update.exe' = '%APPDATA%\update.exe:*:Enabled:update.exe'
Командные строки запускаемых процессов:
- '<SYSTEM32>\wscript.exe' "%TEMP%\sys.vbs"
- '%APPDATA%\update.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\update.exe" "update.exe" ENABLE
- '<SYSTEM32>\notepad.exe' %TEMP%\TheForest_0.40.txt
- '%TEMP%\57yhyh.ExE'
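Пути файлов в %TEMP% и %APPDATA% (те же файлы фигурируют в записях автозапуска и командных строках):
- %TEMP%\57yhyh.ExE
- %APPDATA%\update.exe
- %TEMP%\TheForest_0.40.txt
- %TEMP%\sys.vbs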
Сетевая активность (имя хоста в источнике частично замаскировано символами ###):
- 'ke###.ddns.net':5552
- DNS ASK ke###.ddns.net
- ClassName: 'Shell_TrayWnd' WindowName: ''