Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Defender' = '%APPDATA%\Defender.exe'
- %APPDATA%\microsoft\windows\start menu\programs\startup\defender.exe
- %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_compiler.exe
- %APPDATA%\tmp.exe
- %TEMP%\.exe
- %TEMP%\sghrhxjv.txt
- %APPDATA%\defender.exe
- %TEMP%\.exe
- %TEMP%\.exe
- 'localhost':333
- '<LOCALNET>.56.1':75
- DNS ASK rd###7.ddns.net
- '%APPDATA%\tmp.exe'
- '%APPDATA%\defender.exe'
- '%WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_compiler.exe'