Техническая информация
Закрепление в системе (автозапуск через ключи реестра Run и папку автозагрузки):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '8169c5ff090bd440c900f2c65329a63b' = '"%TEMP%\405442MoDy.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '8169c5ff090bd440c900f2c65329a63b' = '"%TEMP%\405442MoDy.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\8169c5ff090bd440c900f2c65329a63b.exe
Обход брандмауэра Windows (файл добавляется в список разрешённых приложений):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\405442MoDy.exe' = '%TEMP%\405442MoDy.exe:*:Enabled:405442MoDy.e...
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\405442MoDy.exe" "405442MoDy.exe" ENABLE
- '%TEMP%\405442MoDy.exe'
- %TEMP%\405442MoDy.exe
Сетевая активность (узел и порт, DNS-запрос):
- 'mo####7.ddns.net':5552
- DNS ASK mo####7.ddns.net