Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Winexec32' = '%WINDIR%\winexec32.exe'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\win.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\system\win.exe' = '%WINDIR%\system\win.exe:*:Enabled:RPCCC'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram %WINDIR%\system\win.exe RPCCC
- %WINDIR%\system\win.exe
- 'wo#######uga33.100webspace.net':80
- wo#######uga33.100webspace.net/contador.php
- DNS ASK wo#######uga33.100webspace.net