Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Defender Services' = '%APPDATA%\services.exe'
- '%APPDATA%\services.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\delself.bat
- %TEMP%\delself.bat
- %APPDATA%\services.exe
- %APPDATA%\services.exe
- <Полный путь к файлу>
- '<L####NET>.137.128':80
- 'bo#.####ismyipaddress.com':80
- http://19#.#68.137.128/includes/tasks.php?hw####################### via <L####NET>.137.128
- http://bo#.####ismyipaddress.com/
- http://19#.#68.137.128/param.php via <L####NET>.137.128
- DNS ASK bo#.####ismyipaddress.com