Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'f966af0ab45e609e49417bc79b1a7393' = '"%TEMP%\ffsms.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'f966af0ab45e609e49417bc79b1a7393' = '"%TEMP%\ffsms.exe" ..'
- '%TEMP%\ffsms.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\ffsms.exe" "ffsms.exe" ENABLE
- %TEMP%\ffsms.exe
- DNS ASK la####ze.ddns.net
- ClassName: 'Indicator' WindowName: '(null)'