Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'update' = '%APPDATA%\Explorer.exe'
- %TEMP%\_mei29602\vcruntime140.dll
- %TEMP%\_mei29602\_bz2.pyd
- %TEMP%\_mei29602\_hashlib.pyd
- %TEMP%\_mei29602\_lzma.pyd
- %TEMP%\_mei29602\_socket.pyd
- %TEMP%\_mei29602\_ssl.pyd
- %TEMP%\_mei29602\pyexpat.pyd
- %TEMP%\_mei29602\python36.dll
- %TEMP%\_mei29602\reverse_backdoor.exe.manifest
- %TEMP%\_mei29602\select.pyd
- %TEMP%\_mei29602\unicodedata.pyd
- %TEMP%\_mei29602\base_library.zip
- %APPDATA%\explorer.exe
- %TEMP%\_mei29602\base_library.zip
- %TEMP%\_mei29602\pyexpat.pyd
- %TEMP%\_mei29602\python36.dll
- %TEMP%\_mei29602\reverse_backdoor.exe.manifest
- %TEMP%\_mei29602\select.pyd
- %TEMP%\_mei29602\unicodedata.pyd
- %TEMP%\_mei29602\vcruntime140.dll
- %TEMP%\_mei29602\_bz2.pyd
- %TEMP%\_mei29602\_hashlib.pyd
- %TEMP%\_mei29602\_lzma.pyd
- %TEMP%\_mei29602\_socket.pyd
- %TEMP%\_mei29602\_ssl.pyd
- '<LOCALNET>.215.144':443
- '<SYSTEM32>\cmd.exe' /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v update /t REG_SZ /d "%APPDATA%\Explorer.exe""' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v update /t REG_SZ /d "%APPDATA%\Explorer.exe""
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v update /t REG_SZ /d "%APPDATA%\Explorer.exe"