Техническая информация
Записи автозапуска в ключах реестра Run (HKLM и HKCU), указывающие на исполняемый файл в %TEMP%:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'baf879429b130c237627ce8b19f53e45' = '"%TEMP%\RTHDCPL.EXE" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'baf879429b130c237627ce8b19f53e45' = '"%TEMP%\RTHDCPL.EXE" ..'
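Запись в списке разрешённых приложений брандмауэра Windows (AuthorizedApplications\List) для файла из %TEMP%:
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\RTHDCPL.EXE' = '%TEMP%\RTHDCPL.EXE:*:Enabled:RTHDCPL.EXE'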
- '%TEMP%\RTHDCPL.EXE'
Команда netsh, добавляющая файл из %TEMP% в список разрешённых программ брандмауэра:
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\RTHDCPL.EXE" "RTHDCPL.EXE" ENABLE
- %TEMP%\RTHDCPL.EXE
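Сетевая активность — хост:порт и DNS-запрос (символы # в имени хоста, по-видимому, заменяют скрытые знаки, поэтому индикатор неполный и не годится для точного сопоставления):
- 'de#####.#ervecounterstrike.com':9632
- DNS ASK de#####.#ervecounterstrike.com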
- ClassName: 'Indicator' WindowName: '(null)'