Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\The ShadowBrokers] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\The ShadowBrokers] 'ImagePath' = '<SYSTEM32>\eessec.exe'
- <SYSTEM32>\eessec.exe
- 'di##.9jiu8.com':2018
- DNS ASK di##.9jiu8.com
- '<SYSTEM32>\eessec.exe'