Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\windows security.exe (папка автозагрузки текущего пользователя: файлы из неё запускаются при каждом входе в систему)
- '%WINDIR%\syswow64\taskkill.exe' /im "Windows Defender.exe"
- '%WINDIR%\syswow64\taskkill.exe' /f /im "Windows Defender.exe" (/im — выбор процесса по имени образа, /f — принудительное завершение)
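- %APPDATA%\winlogon.exe (имя совпадает с системным процессом winlogon.exe, который штатно находится в %WINDIR%\System32; файл с таким именем в %APPDATA% — признак маскировки)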
- %APPDATA%\winlogon.exe
- 'so####recreator.net':80
- http://www.so####recreator.net/winlogon.exe
- http://www.we##at.net/webrat/ipaddress.php
- http://www.we##at.net/webrat/connect.php?in######################################################################################################################################################
- DNS ASK so####recreator.net
- DNS ASK we##at.net
- ClassName: '' WindowName: ''
- '%APPDATA%\winlogon.exe'
- '%APPDATA%\microsoft\windows\start menu\programs\startup\windows security.exe'
- '%WINDIR%\syswow64\cmd.exe'