Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\WCLJ4_Moro.exe' = '%TEMP%\WCLJ4_Moro.exe:*:Enabled:WCLJ4_Moro.e...
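- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\WCLJ4_Moro.exe" "WCLJ4_Moro.exe" ENABLE (добавляет %TEMP%\WCLJ4_Moro.exe в список разрешённых программ брандмауэра Windows; та же правка отражена в ключе реестра ...\FirewallPolicy\StandardProfile\AuthorizedApplications\List)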
- '<SYSTEM32>\ntvdm.exe' -f -i1
- '%TEMP%\WCLJ4_Moro.exe'
- %TEMP%\WCLJ4_Moro1.exe
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scs4.tmp
- %TEMP%\aut1.tmp
- %TEMP%\WCLJ4_Moro.exe
- %TEMP%\aut2.tmp
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scs4.tmp
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
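- 'ba####7.ddns.net':3158 (сетевое обращение к имени в зоне динамического DNS ddns.net, порт 3158)
- DNS ASK ba####7.ddns.net (DNS-запрос того же имени)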
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b10.b18.380001'