Техническая информация
Изменения в реестре (значения в ключе автозапуска policies\Explorer\Run):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'WintestC' = '%APPDATA%\Microsoft\Credentials\FDFHost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'FolderMemory' = '%APPDATA%\Microsoft\Vault\ipfxpec.exe'
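Файлы, связанные с образцом:
- %TEMP%\aut1.tmp
- %APPDATA%\Microsoft\Credentials\FDFHost.exe
- %TEMP%\aut2.tmp
- %APPDATA%\Microsoft\Vault\ipfxpec.exe
- %TEMP%\aut3.tmp
- %APPDATA%\Microsoft\CLR Security Config\15\casrr.exe
Те же временные файлы перечислены повторно (подзаголовок этого раздела в исходном тексте не сохранился):
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut3.tmp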
Командные строки процессов (создание задачи планировщика «NvProfileUpdaterToday», запускающей FDFHost.exe каждые 3 минуты):
- '<SYSTEM32>\cmd.exe' /c SCHTASKS /Create /SC MINUTE /MO 3 /TN "NvProfileUpdaterToday" /TR "%APPDATA%\Microsoft\Credentials\FDFHost.exe"
- '<SYSTEM32>\schtasks.exe' /Create /SC MINUTE /MO 3 /TN "NvProfileUpdaterToday" /TR "%APPDATA%\Microsoft\Credentials\FDFHost.exe"