Техническая информация (записи автозапуска в реестре, затронутые файлы, сетевые обращения и запускаемые процессы)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Host-process' = '"%APPDATA%\Microsoft\Network\Connections\hostdl.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Defender' = '"%APPDATA%\Microsoft\Windows Defender\defender.exe"'
- %TEMP%\mxcc51cb.0.cs
- %TEMP%\mxcc51cb.cmdline
- %TEMP%\mxcc51cb.out
- %APPDATA%\microsoft\internet explorer\history
- %APPDATA%\microsoft\network\connections\hostdl.exe
- %TEMP%\4wcoxqts.0.cs
- %TEMP%\4wcoxqts.cmdline
- %TEMP%\4wcoxqts.out
- %APPDATA%\microsoft\internet explorer\history
- %APPDATA%\microsoft\network\connections\hostdl.exe
- %TEMP%\mxcc51cb.cmdline
- %TEMP%\mxcc51cb.out
- %TEMP%\mxcc51cb.0.cs
- %TEMP%\4wcoxqts.out
- %TEMP%\4wcoxqts.cmdline
- %TEMP%\4wcoxqts.0.cs
- 'ip###ger.com':443
- DNS ASK ip###ger.com
- DNS ASK r3####j4.beget.tech
- '%APPDATA%\microsoft\network\connections\hostdl.exe'
- '%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\mxcc51cb.cmdline" (со скрытым окном)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\4wcoxqts.cmdline" (со скрытым окном)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\mxcc51cb.cmdline"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\4wcoxqts.cmdline"