Technical information
- %APPDATA%\microsoft\windows\start menu\programs\startup\windows defender.exe
- %TEMP%\fud.bat
- %TEMP%\hey.exe
- %TEMP%\windows defender.exe
- '40.##4.87.103':5000
- http://40.###.87.103:5000/new via 40.##4.87.103
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\hey.exe' -d%LOCALAPPDATA%\Temp
- '%TEMP%\windows defender.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\fud.bat" "