Техническая информация
- <SYSTEM32>\tasks\123456
- C:\users\public\a.exe
- %WINDIR%\temp\31i2dfpy.inf
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK microsoft.com
- 'C:\users\public\a.exe'
- 'C:\users\public\a.exe' ' (со скрытым окном)
- '%WINDIR%\syswow64\cmstp.exe' /au %WINDIR%\temp\31i2dfpy.inf
- '<SYSTEM32>\taskeng.exe' {396C4C45-C1AB-4F67-96BA-F0FF9CA7233F} S-1-5-21-1960123792-2022915161-3775307078-1001:rawvbmltaqy\user:Interactive:[1]