Техническая информация
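- [<HKCU>\Software\Microsoft\windows\CurrentVersion\Run] 'Opera' = 'TVqQAAMAAAAEAAAA'
- [<HKCU>\Software\Microsoft\windows\CurrentVersion\Run] 'Micro' = 'AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm'
  (значения параметров 'Opera' и 'Micro' — не пути к файлам, а данные в кодировке Base64: первое декодируется в начало заголовка MZ исполняемого файла, второе, по-видимому, является продолжением того же заголовка; такие значения в ключе Run сами по себе служат признаком компрометации)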
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'b08888bc54857145258e5a01d7e79133' = '"%ALLUSERSPROFILE%\system.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'b08888bc54857145258e5a01d7e79133' = '"%ALLUSERSPROFILE%\system.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\b08888bc54857145258e5a01d7e79133.exe
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%ALLUSERSPROFILE%\system.exe" "system.exe" ENABLE
- %ALLUSERSPROFILE%\system.exe
- 'fu#####hacker.ddns.net':5552
- DNS ASK fu#####hacker.ddns.net
- '%ALLUSERSPROFILE%\system.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%ALLUSERSPROFILE%\system.exe" "system.exe" ENABLE (со скрытым окном)