Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Windows Update' = '%APPDATA%\Windows Update\Windows Update.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '10931a9f532d043d955e159d940b1d2e' = '"%HOMEPATH%\winlogon32.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '10931a9f532d043d955e159d940b1d2e' = '"%HOMEPATH%\winlogon32.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\10931a9f532d043d955e159d940b1d2e.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%HOMEPATH%\winlogon32.exe" "winlogon32.exe" ENABLE
- winlogon32.exe
- %APPDATA%\windows update\windows update.exe
- %HOMEPATH%\winlogon32.exe
- 'am#####22.duckdns.org':8000
- DNS ASK am#####22.duckdns.org
- '%HOMEPATH%\winlogon32.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%HOMEPATH%\winlogon32.exe" "winlogon32.exe" ENABLE' (with a hidden window)