Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Network Adapter Events] 'Start' = '00000002' (значение Start = 2 означает автоматический запуск службы при загрузке системы)
- '<SYSTEM32>\mslghwjk.exe' /service
- '<SYSTEM32>\reg.exe' export "HKLM\SOFTWARE\Policies\Microsoft" "%WINDIR%\TEMP\expregkey"
- '<SYSTEM32>\reg.exe' export "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" "%WINDIR%\TEMP\expregkey"
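- '<SYSTEM32>\reg.exe' export "HKLM\SYSTEM\CurrentControlSet\Services\TermService" "%WINDIR%\TEMP\expregkey" (все три вызова reg.exe export записывают результат в один и тот же файл %WINDIR%\TEMP\expregkey; ключи Terminal Server и TermService относятся к настройкам службы удалённых рабочих столов)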
- %WINDIR%\Temp\expregkey
- <SYSTEM32>\mslghwjk.exe
- %ALLUSERSPROFILE%\Application Data\_rdp_1.1.4.DBG.log
- %WINDIR%\Temp\expregkey
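- 'di##digi.cc':80 (символы ## в имени домена, по-видимому, скрывают часть имени в источнике; то же относится к записям ниже)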
- di##digi.cc/query.php
- DNS ASK di##digi.cc