Техническая информация
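- [<HKLM>\SYSTEM\ControlSet001\Control\Lsa] 'Security Packages' = 'kerberos wdigest msv1_0 schannel tspkg pku2u' (параметр задаёт список пакетов безопасности, загружаемых LSA; значение записывается приведённой ниже командой reg.exe, поэтому изменения этого параметра стоит отслеживать)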
- '%TEMP%\Microsoft.Build.config'
- '%TEMP%\is-QEUJ7.tmp\Microsoft.Build.tmp' /SL5="$200E2,269824,0,%TEMP%\Microsoft.Build.config"
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v "Security Packages" /t REG_MULTI_SZ /d "kerberos wdigest msv1_0 schannel tspkg pku2u" /f
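- '<SYSTEM32>\schtasks.exe' /create /sc onlogon /tn WindowUpdate /tr %WINDIR%\lsa.exe
- '<SYSTEM32>\schtasks.exe' /create /sc onlogon /tn DefenderUpdate /tr %WINDIR%\lsass.exe
  (обе задачи запускаются при входе пользователя в систему (onlogon); имена задач имитируют системные обновления, а запускаемые файлы находятся в %WINDIR%, тогда как легитимный lsass.exe расположен в <SYSTEM32>)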
- %TEMP%\Microsoft.Build.config
- %TEMP%\is-QEUJ7.tmp\Microsoft.Build.tmp
- %TEMP%\php3.tmp
- %TEMP%\php1.tmp
- %TEMP%\php2.tmp
- '19#.#2.126.216':80
- http:///lp.exe via 19#.#2.126.216 (имя узла в URL в исходном тексте отсутствует, IP-адрес частично замаскирован)
- ClassName: 'Shell_TrayWnd' WindowName: ''