Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '2a20129f4db13789c0d564df6bb370f4' = '"%TEMP%\Word.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '2a20129f4db13789c0d564df6bb370f4' = '"%TEMP%\Word.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\2a20129f4db13789c0d564df6bb370f4.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\Word.exe' = '%TEMP%\Word.exe:*:Enabled:Word.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\Word.exe" "Word.exe" ENABLE
- %TEMP%\Word.exe
- 'fr##.#ervegame.com':1177
- DNS ASK fr##.#ervegame.com
- '%TEMP%\Word.exe'