Техническая информация
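- [<HKLM>\SYSTEM\ControlSet001\Services\WdefService] 'Start' = '00000002' (значение 2 — автоматический запуск службы при старте системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\WdefService] 'ImagePath' = '%ProgramFiles%\Windows Defender\wdefender.exe' (файл wdefender.exe не входит в штатный состав Windows Defender; по-видимому, имя службы и путь выбраны для маскировки под него)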
- %TEMP%\!!!(Pthc Pedo) Mom & Kids - 10Yo Boy & 12Yo Girl.mpg.mp4
- %TEMP%\In.vbs
- %TEMP%\VID001.exe
- %TEMP%\startx.bat
- %TEMP%\usernets.exe
- %TEMP%\VideoPlayer.exe
- %TEMP%\wdefenders.exe
- %ProgramFiles%\Windows Defender\wdefender.exe
- C:\ProgramData\Microsoft\Windows\usernet.exe
- C:\ProgramData\Microsoft\Windows\WmiSecSrv.exe
- %TEMP%\startx.bat
- 'ip###ger.com':443
- DNS ASK ip###ger.com
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''
- '%TEMP%\VID001.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\In.vbs"
- '%TEMP%\VideoPlayer.exe'
- '%TEMP%\wdefenders.exe' -phfpldfnhb
- '%TEMP%\usernets.exe' -phfpldfnhb
- '%ProgramFiles%\Windows Defender\wdefender.exe' /install /silent
- '%ProgramFiles%\Windows Defender\wdefender.exe'
- 'C:\ProgramData\Microsoft\Windows\usernet.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shell32.dll,OpenAs_RunDLL %TEMP%\!!!(Pthc Pedo) Mom & Kids - 10Yo Boy & 12Yo Girl.mpg.mp4
- '<SYSTEM32>\cmd.exe' /c startx.bat
- '<SYSTEM32>\net.exe' start WdefService
- '<SYSTEM32>\net1.exe' start WdefService