Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'fa08b02884b46829bfe16c13d6cd1c42' = '"%TEMP%\Action!.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'fa08b02884b46829bfe16c13d6cd1c42' = '"%TEMP%\Action!.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\fa08b02884b46829bfe16c13d6cd1c42.exe
- '%TEMP%\Action!.exe'
- '%TEMP%\909.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\Action!.exe" "Action!.exe" ENABLE
- %TEMP%\Action!.exe
- %TEMP%\909.exe
- ClassName: 'Indicator' WindowName: '(null)'