Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Win10SVC' = '%APPDATA%\Win10SVC.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\Win10SVC.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- %APPDATA%\Win10SVC.exe
- %TEMP%\mtnxDpnFw.txt
- 'da##y3.tk':3333
- DNS ASK da##y3.tk
- '%APPDATA%\Win10SVC.exe'
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn "Windows Defender" /tr "%APPDATA%\Win10SVC.exe"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe'