Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ced1fccef1c1ac0c7082047a466dc681' = '"%TEMP%\WindowsServices.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ced1fccef1c1ac0c7082047a466dc681' = '"%TEMP%\WindowsServices.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\ced1fccef1c1ac0c7082047a466dc681.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\WindowsServices.exe' = '%TEMP%\WindowsServices.exe:*:Enabled:Wi...
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\WindowsServices.exe" "WindowsServices.exe" ENABLE
- %TEMP%\WindowsServices.exe
- %HOMEPATH%\Local Settings\Tempnet.exe
- 'ds####e0.ddns.net':1111
- DNS ASK ds####e0.ddns.net
- '%TEMP%\WindowsServices.exe'
- '%HOMEPATH%\Local Settings\Tempnet.exe'