Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'fe0a56257750f982d275e66deefaf133' = '"%TEMP%\ConquerO.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'fe0a56257750f982d275e66deefaf133' = '"%TEMP%\ConquerO.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\fe0a56257750f982d275e66deefaf133.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\ConquerO.exe' = '%TEMP%\ConquerO.exe:*:Enabled:ConquerO.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\ConquerO.exe" "ConquerO.exe" ENABLE
- '%TEMP%\ConquerO.exe'
- %TEMP%\ConquerO.exe
- 'wa####h.hopto.org':5552
- DNS ASK wa####h.hopto.org