Техническая информация
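- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'Lsass Service' = '%APPDATA%\Microsoft\Windows\lsass.exe' (ключ автозапуска; подлинный lsass.exe находится в %SystemRoot%\System32, поэтому одноимённый файл в %APPDATA% указывает на маскировку под системный процесс)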
- [<HKLM>\SYSTEM\ControlSet001\Services\BITS] 'Start' = '00000002' (значение 2 соответствует автоматическому типу запуска службы BITS)
- %APPDATA%\Microsoft\Windows\lsass.exe
- %APPDATA%\Microsoft\Windows\BIT1.tmp
- %APPDATA%\Microsoft\Windows\lsass.exe
- %APPDATA%\Microsoft\Windows\cmp.stm
- %APPDATA%\Microsoft\Windows\lsass.exe
- из %APPDATA%\Microsoft\Windows\BIT1.tmp в %APPDATA%\Microsoft\Windows\cmp.stm
- 'co###host.net':80
- 'localhost':1038
- 'wp#d':80
- co###host.net/l/cmp.php?ai###################################################################
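- wp#d/wpad.dat (судя по имени файла, это запрос автоматического обнаружения прокси (WPAD); сам по себе он не является надёжным индикатором заражения)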
- DNS ASK co###host.net
- DNS ASK wp#d