Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft (R) Adress Book Import Tool' = '<SYSTEM32>\WABMIT.EXE'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{FF33BACA-D6AA-D75B-7949-40DA0A4F4B55}] 'StubPath' = '<SYSTEM32>\WABMIT.EXE'
- %WINDIR%\Explorer.EXE
- iexplore.exe
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
- <SYSTEM32>\WABMIT.EXE
- %ALLUSERSPROFILE%\Application Data\TEMP:F47094CA
- '21#.#26.192.12':3389
- '21#.8.106.7':3389
- '21#.#43.83.28':3389
- '78.#1.34.53':3389
- '78.##.76.154':3389