Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '06ee34e6d682c70028c205c75e8b40c6' = '"%ALLUSERSPROFILE%\Winds.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '06ee34e6d682c70028c205c75e8b40c6' = '"%ALLUSERSPROFILE%\Winds.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\06ee34e6d682c70028c205c75e8b40c6.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%ALLUSERSPROFILE%\Winds.exe' = '%ALLUSERSPROFILE%\Winds.exe:*:Enabled:...
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%ALLUSERSPROFILE%\Winds.exe" "Winds.exe" ENABLE
- '%ALLUSERSPROFILE%\Winds.exe'
- %ALLUSERSPROFILE%\Winds.exe
- 'is#####ar05.ddns.net':5552
- DNS ASK is#####ar05.ddns.net