Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Services' = '%WINDIR%\inf\1010\services.exe'
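- скрытых файлов (обрывок фразы: заголовок пункта утрачен; вероятно, речь идёт о блокировке отображения скрытых файлов)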
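- <SYSTEM32>\netsh.exe firewall set opmode mode = disable (отключает брандмауэр Windows)
- <SYSTEM32>\netsh.exe firewall set notifications mode = disable (отключает уведомления брандмауэра Windows)
- <SYSTEM32>\taskkill.exe -f -im TeaTimer.exe (принудительно завершает TeaTimer.exe — резидентный модуль защиты Spybot – Search & Destroy)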
- %WINDIR%\inf\1010\services.exe
- <SYSTEM32>\dd.dll
- <SYSTEM32>\ultravnc.ini
- %WINDIR%\inf\1010\services.exe
- 'any':1888
- 'any':1849
- 'any':17999
- 'any':1919
- 'any':59511
- 'any':23974
- 'any':1999
- 'any':1948
- DNS ASK ma#####533.no-ip.org (часть имени узла заменена символами «#»; no-ip.org — домен сервиса динамического DNS)
- ClassName: '' WindowName: ''
- ClassName: 'Indicator' WindowName: ''