Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft® Windows® Operating System' = '%APPDATA%\Microsoft\Protect\Credentials\taskhostt.exe'
- %WINDIR%\syswow64\explorer.exe
- wmpnetvk.exe
- %APPDATA%\microsoft\protect\credentials\wmpnetvk.exe
- %APPDATA%\microsoft\protect\credentials\taskhostt.exe
- %TEMP%\user2.txt
- %APPDATA%\userlog.dat
- %TEMP%\cyberst0rm.exe
- %TEMP%\user7
- %TEMP%\user8
- %APPDATA%\microsoft\protect\credentials\wmpnetvk.exe
- %APPDATA%\userlog.dat
- %TEMP%\user2.txt
- %TEMP%\user7
- %TEMP%\user8
- %TEMP%\user7
- %TEMP%\user8
- 'se##er.com':80
- DNS ASK se##er.com
- ClassName: 'shell_traywnd' WindowName: ''
- '%APPDATA%\microsoft\protect\credentials\taskhostt.exe'
- '%APPDATA%\microsoft\protect\credentials\wmpnetvk.exe'
- '%TEMP%\cyberst0rm.exe'
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\explorer.exe'