Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Winlogon' = '%WINDIR%\ctsmon.exe' — запись автозапуска: указанный файл запускается при каждом входе пользователя в систему
- %WINDIR%\ctsmon.exe
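- <SYSTEM32>\net1.exe stop SharedAccess
- <SYSTEM32>\net.exe stop SharedAccess — обе команды останавливают службу SharedAccess (в Windows XP это брандмауэр Windows / общий доступ к подключению Интернета)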
- %TEMP%\WER00bc.dir00\wmiprvse.exe.hdmp
- %TEMP%\WER00bc.dir00\appcompat.txt
- %WINDIR%\ctsmon.exe
- %WINDIR%\dir
- %TEMP%\WER00bc.dir00\wmiprvse.exe.mdmp
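- 'fe####y.no-ip.biz':6960 — подключение к узлу на порт 6960 (часть символов имени заменена на «#»; no-ip.biz — домен службы динамического DNS)
- DNS ASK fe####y.no-ip.biz — DNS-запрос того же имени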