Техническая информация
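- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '%TEMP%' = '%APPDATA%\{1O5FE9-874ZZ-811B-40456F8-2266A5}\%TEMP%.exe' (автозапуск через ключ Run текущего пользователя; имя каталога лишь имитирует GUID — в нём есть символы «O» и «Z», недопустимые в шестнадцатеричной записи, что можно использовать как признак при обнаружении)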
- %APPDATA%\{1O5FE9-874ZZ-811B-40456F8-2266A5}\%TEMP%.exe
- %TEMP%\2.exe
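- <SYSTEM32>\net1.exe stop sharedaccess
- <SYSTEM32>\net.exe stop sharedaccess (обе записи относятся к остановке службы SharedAccess: в Windows XP/2003 это брандмауэр Windows и общий доступ к подключению Интернета (ICS), в более новых версиях — только ICS; net.exe, как правило, передаёт выполнение net1.exe, отсюда две строки)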
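- <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\1.jpg (открывает %TEMP%\1.jpg в штатном средстве просмотра изображений Windows; вероятно, это изображение-приманка для пользователя — на странице это прямо не указано)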
- %APPDATA%\{1O5FE9-874ZZ-811B-40456F8-2266A5}\%TEMP%.exe
- %TEMP%\1.jpg
- %TEMP%\2.exe
- %TEMP%\~DFFBB2.tmp
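- 'ma####gx.no-ip.biz':9481
- DNS ASK ma####gx.no-ip.biz (узел в зоне динамического DNS no-ip.biz, порт 9481; символы «####», по всей видимости, маскируют часть имени в самом отчёте — полное имя на странице не приведено)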
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''