Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'e8dfe0af662b7352ca609aeb0fee7f40' = '"%APPDATA%\localhost.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'e8dfe0af662b7352ca609aeb0fee7f40' = '"%APPDATA%\localhost.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\localhost.exe" "localhost.exe" ENABLE
- %APPDATA%\localhost.exe
- 'en#####-3.thddns.net':6770
- DNS ASK en#####-3.thddns.net
- '%APPDATA%\localhost.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\localhost.exe" "localhost.exe" ENABLE' (со скрытым окном)