Техническая информация
Закрепление в системе (ключи автозапуска Run в реестре и папка автозагрузки):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '4bcc201bc26cc0d9ac36a729e45092e1' = '"%APPDATA%\cours.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '4bcc201bc26cc0d9ac36a729e45092e1' = '"%APPDATA%\cours.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\4bcc201bc26cc0d9ac36a729e45092e1.exe
Исключение для брандмауэра Windows (запись в списке AuthorizedApplications):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\cours.exe' = '%APPDATA%\cours.exe:*:Enabled:cours.exe'
Запуск процессов (судя по формату записи — командные строки):
- '%APPDATA%\cours.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\cours.exe" "cours.exe" ENABLE
- %APPDATA%\cours.exe
Сетевая активность (узел:порт и DNS-запрос; имя узла в источнике частично скрыто символами «#»):
- 'ya#####lylia.no-ip.biz':5552
- DNS ASK ya#####lylia.no-ip.biz
- ClassName: 'Indicator' WindowName: ''