Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'f1c5611c15452be9ab9d19c0661ae785' = '"%TEMP%\WindowsRun.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'f1c5611c15452be9ab9d19c0661ae785' = '"%TEMP%\WindowsRun.exe" ..'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\WindowsRun.exe' = '%TEMP%\WindowsRun.exe:*:Enabled:WindowsRun.e...
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\WindowsRun.exe" "WindowsRun.exe" ENABLE
- %TEMP%\WindowsRun.exe
- 'se####44.sytes.net':5552
- DNS ASK se####44.sytes.net
- '%TEMP%\WindowsRun.exe'