Техническая информация
Обеспечение автозапуска (параметры в ключах Run разделов HKLM и HKCU и файл в папке автозагрузки):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '0f018cd4de80f310189ac6108f48f9d6' = '"%TEMP%\J-S-E.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '0f018cd4de80f310189ac6108f48f9d6' = '"%TEMP%\J-S-E.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\0f018cd4de80f310189ac6108f48f9d6.exe
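Изменение настроек брандмауэра Windows (исполняемый файл добавляется в список разрешённых приложений — через параметр реестра и команду netsh):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\J-S-E.exe' = '%TEMP%\J-S-E.exe:*:Enabled:J-S-E.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\J-S-E.exe" "J-S-E.exe" ENABLE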
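Исполняемый файл в каталоге %TEMP%, на который ссылаются перечисленные выше записи (в исходном тексте строки приведены без подписей; вероятно, первая относится к запуску процесса, вторая — к созданию файла):
- '%TEMP%\J-S-E.exe'
- %TEMP%\J-S-E.exe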
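Сетевая активность (соединение с узлом по порту 5552 и DNS-запрос; часть имени узла в исходном тексте скрыта символами #, поэтому строка не является полным индикатором):
- 'jo######ria.publicvm.com':5552
- DNS ASK jo######ria.publicvm.com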