Техническая информация
Автозапуск (параметр назван 'Windows Defender', но указывает на исполняемый файл в %APPDATA%):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Defender' = '%APPDATA%\app\winlogon.exe.exe'
- %APPDATA%\app\winlogon.exe.exe
- <SYSTEM32>\notepad.exe "%TEMP%\180" private shells.txt
- %APPDATA%\app\winlogon.exe.exe
- %APPDATA%\app\Set.bin
- %TEMP%\180 private shells.txt
- %TEMP%\Builded.exe
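Сетевая активность (часть имени домена в описании скрыта символами ####, поэтому для точного сопоставления эти записи непригодны):
- 'un####sal-fund.com':80
- un####sal-fund.com/admin/index.phpip.php
- un####sal-fund.com/admin/index.phpconnect.php
- DNS ASK un####sal-fund.com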
- ClassName: 'Shell_TrayWnd' WindowName: ''