Техническая информация
- %WINDIR%\Tasks\kw1aptyxo.job
- '<SYSTEM32>\conhost.exe'
- <Текущая директория>\7egf5
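- %WINDIR%\Temp\MPTelemetrySubmit\client_manifest.txt
- %WINDIR%\Temp\MPTelemetrySubmit\watson_manifest.txt (каталог MPTelemetrySubmit, по-видимому, относится к телеметрии штатной защиты Windows; эти два файла, вероятно, являются побочным артефактом среды анализа и сами по себе не указывают на заражение)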
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\User\a9ca79ac-030c-42cf-87b6-30d88d2a27a8
- C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_fdaad129-04df-4089-bb80-174ce725f721
- <SYSTEM32>\Tasks\kw1aptyxo
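- 'fj######m.ow5dirasuek.com':80 (здесь и далее символы «#», по-видимому, заменяют часть имени, скрытую при публикации; для правил обнаружения надёжнее опираться на видимую часть домена, а не на строку целиком)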
- 'fj######m.mkkuei4kdsz.com':80
- 'fj#####jm.cumarut.net':80
- fj#####jm.cumarut.net/942/872.html
- fj######m.ow5dirasuek.com/594/419.html
- fj######m.mkkuei4kdsz.com/249/946.html
- fj######m.ow5dirasuek.com/347/323.html
- fj######m.mkkuei4kdsz.com/2/850.html
- fj#####jm.cumarut.net/709/512.html
- fj######m.mkkuei4kdsz.com/693/635.html
- fj#####jm.cumarut.net/397/317.html
- fj#####jm.cumarut.net/14/510.html
- fj#####jm.cumarut.net/957/840.html
- fj#####jm.cumarut.net/713/888.html
- fj######m.ow5dirasuek.com/259/316.html
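- DNS ASK wa####.microsoft.com (домен microsoft.com легитимен; запрос, вероятно, связан с системной отправкой отчётов и сам по себе не является индикатором компрометации)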
- DNS ASK fj######m.ow5dirasuek.com
- DNS ASK fj######m.mkkuei4kdsz.com
- DNS ASK fj#####jm.cumarut.net
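- '22#.0.0.252':5355 (порт 5355 и групповой адрес такого вида характерны для LLMNR — локального разрешения имён в Windows; скорее всего, это фоновый трафик системы, а не адрес управляющего сервера)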