Техническая информация
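Создание сервиса с автозапуском (значение 'Start' = 2 означает автоматический запуск службы при загрузке системы):
- [<HKLM>\SYSTEM\ControlSet001\Services\microsoftdefender] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\microsoftdefender] 'ImagePath' = '<SYSTEM32>\microsoftdefender.exe'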
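Файловая активность (заголовки отдельных списков в тексте не сохранились, поэтому действие над каждым файлом здесь не указано; часть путей повторяется):
- %TEMP%\data.dat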
- %TEMP%\NO.FOTO.exe
- %TEMP%\2\install.bat
- %TEMP%\2\microsoftdefender.exe
- %TEMP%\2\wget.exe
- %TEMP%\2\cmd.bat
- <SYSTEM32>\microsoftdefender.exe
- C:\1\cmd.bat
- C:\1\wget.exe
- %TEMP%\2\cmd.bat
- %TEMP%\2\install.bat
- %TEMP%\2\microsoftdefender.exe
- %TEMP%\2\wget.exe
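Сетевая активность (узел и порт, DNS-запрос; символ '#' недопустим в имени узла и, по-видимому, скрывает часть домена, поэтому строку нельзя использовать как точный индикатор):
- '17.#dns.me':1717
- DNS ASK 17.#dns.me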
- ClassName: 'EDIT' WindowName: ''
Запуск процессов и командные строки (сервис microsoftdefender создаётся через sc.exe с параметром start= auto и запускается):
- '%TEMP%\NO.FOTO.exe'
- '<SYSTEM32>\microsoftdefender.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\2\install.bat" "
- '<SYSTEM32>\sc.exe' create microsoftdefender binpath= "<SYSTEM32>\microsoftdefender.exe" start= auto
- '<SYSTEM32>\sc.exe' start microsoftdefender