Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsService' = '%WINDIR%\winser.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\winser.exe
- <SYSTEM32>\net1.exe localgroup %USERNAME%s nightmare /add
- <SYSTEM32>\net1.exe user nightmare password /add
- %WINDIR%\winser.exe
- %HOMEPATH%\Start Menu\Programs\Startup\winser.exe
- %WINDIR%\winser.exe
- 'hu#####ing.comuf.com':80
- DNS ASK hu#####ing.comuf.com