Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '6b7de5b81abd41304455f580fb6cc8ce' = '"%TEMP%\Windows Wordpad Application.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '6b7de5b81abd41304455f580fb6cc8ce' = '"%TEMP%\Windows Wordpad Application.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\Windows Wordpad Application.exe" "Windows Wordpad Application.exe" ENABLE
- %TEMP%\windows wordpad application.exe
- %TEMP%\windows wordpad application.exe
- 'il####.duckdns.org':56574
- DNS ASK il####.duckdns.org
- '%TEMP%\windows wordpad application.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\Windows Wordpad Application.exe" "Windows Wordpad Application.exe" ENABLE (со скрытым окном)
- '%WINDIR%\syswow64\netsh.exe' firewall delete allowedprogram "%TEMP%\Windows Wordpad Application.exe" (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ping 0 -n 2 & del "%TEMP%\Windows Wordpad Application.exe" (со скрытым окном)
- '%WINDIR%\syswow64\netsh.exe' firewall delete allowedprogram "%TEMP%\Windows Wordpad Application.exe"
- '%WINDIR%\syswow64\cmd.exe' /c ping 0 -n 2 & del "%TEMP%\Windows Wordpad Application.exe"
- '%WINDIR%\syswow64\ping.exe' 0 -n 2