Technical information
- [<HKCU>\software\Microsoft\Windows\CurrentVersion\Run] '2ff382bdaa041225fed31ba91b58e5ec' = '"%APPDATA%\officeup.exe" ..'
- [<HKLM>\software\Microsoft\Windows\CurrentVersion\Run] '2ff382bdaa041225fed31ba91b58e5ec' = '"%APPDATA%\officeup.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\2ff382bdaa041225fed31ba91b58e5ec.exe
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\officeup.exe" "officeup.exe" ENABLE
- %TEMP%\979ac774-f1fe-46cd-bf97-10db0911e2cf\agiledotnetrt64.dll
- %APPDATA%\officeup.exe
- %APPDATA%\officeup.exe
- %APPDATA%\microsoft\windows\start menu\programs\startup\2ff382bdaa041225fed31ba91b58e5ec.exe
- 'os####x.myq-see.com':8009
- 'fu#####l.duckdns.org':2013
- DNS ASK os####x.myq-see.com
- DNS ASK fu#####l.duckdns.org
- '%APPDATA%\officeup.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\officeup.exe" "officeup.exe" ENABLE' (with hidden window)