Техническая информация
Значения реестра в списке разрешённых приложений брандмауэра Windows (стандартный профиль) для файла из %TEMP%:
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\Yes1.exe' = '%TEMP%\Yes1.exe:*:Enabled:nnmfwcdd'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\Yes1.exe' = '%TEMP%\Yes1.exe:*:Enabled:zjycphej'
- %TEMP%\Yes1.exe %TEMP%\Yes2.exe
- %TEMP%\Yes1.exe %TEMP%\Yes1.exe
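Команды netsh, добавляющие %TEMP%\Yes1.exe в список разрешённых программ брандмауэра (имена правил совпадают с именами в значениях реестра выше):
- <SYSTEM32>\netsh.exe firewall add allowedprogram "%TEMP%\Yes1.exe" zjycphej ENABLE
- <SYSTEM32>\netsh.exe firewall add allowedprogram "%TEMP%\Yes1.exe" nnmfwcdd ENABLE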
- %TEMP%\tmp3.tmp
- %TEMP%\tmp4.tmp
- %TEMP%\Yes1.exe
- %TEMP%\Yes2.exe
- %TEMP%\tmp4.tmp
- %TEMP%\tmp3.tmp
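Сетевой адрес и порт (часть адреса заменена символами ##, поэтому запись не является полным индикатором):
- '95.##4.202.164':5447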