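Техническая информация
Ниже без подзаголовков перечислены изменения реестра, запускаемые команды, пути к файлам и сетевая активность. Значение записи реестра для MSBuild.exe обрезано («...»), а имя хоста частично скрыто («###»), поэтому эти две записи не годятся для поиска по точному совпадению.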
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'vvvv' = '"%APPDATA%\MICROSOFT\vvvv.vbs"'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe' = '%WINDIR%\M...
- '<SYSTEM32>\wscript.exe' "%TEMP%\vvvv.vbs"
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%WINDIR%\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSBUILD.EXE" "MSBUILD.EXE" ENABLE
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe'
- '<SYSTEM32>\regsvr32.exe' /I /S "%TEMP%\HOUDINI.BIN"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- %APPDATA%\Microsoft\vvvv.vbs
- %TEMP%\HOUDINI.BIN
- %TEMP%\WarCommanderPatch.exe
- %TEMP%\vvvv.vbs
- 'id###f.ddns.net':666
- DNS ASK id###f.ddns.net
- ClassName: 'Indicator' WindowName: ''