Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\windows.vbs (папка автозагрузки пользователя: сценарий запускается при каждом входе в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\RarSFX1\windows10.exe' = '%TEMP%\RarSFX1\windows10.exe:*:Enable...
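- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\RarSFX1\windows10.exe" "windows10.exe" ENABLE (добавляет windows10.exe в список разрешённых программ брандмауэра Windows; соответствует записи в ключе AuthorizedApplications\List, указанной выше)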
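- %TEMP%\RarSFX1:{6B003200-4600-5900-5700-4B002B004600}
- %TEMP%\RarSFX1:{55003200-6A00-5000-6400-4F0077005900}
  (запись вида «путь:имя» обозначает альтернативный поток данных NTFS, привязанный к каталогу RarSFX1; в обычном списке файлов такие потоки не видны, для проверки используйте dir /r или Get-Item -Stream *)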
- %ALLUSERSPROFILE%\Application Data\Isolated Storage\{55003200-6A00-5000-6400-4F0077005900}
- %TEMP%\RarSFX0\file.exe
- %TEMP%\RarSFX0\jioqwh.vbs
- %TEMP%\RarSFX1\windows10.exe
- %TEMP%\RarSFX0\file.exe
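- '09##.ddns.net':2020 (соединение с узлом на порту 2020; ddns.net — домен службы динамического DNS, часть имени узла в отчёте, по-видимому, скрыта символами ##)
- DNS ASK 09##.ddns.net (DNS-запрос для того же узла)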
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\RarSFX1\windows10.exe'
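- '%TEMP%\RarSFX0\file.exe' -puirws43keo (запуск с аргументом командной строки; ключ -p, по-видимому, передаёт пароль самораспаковывающемуся архиву — по отчёту это не подтверждается)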
- '<SYSTEM32>\wscript.exe' "%TEMP%\RarSFX0\jioqwh.vbs"