Техническая информация
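- [<HKLM>\SYSTEM\ControlSet001\Services\Microsoft Accounts] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Security Manager] 'Start' = '00000002' (в обеих записях значение 'Start' = 2 означает автоматический запуск службы; ср. «start= auto» в командах sc.exe ниже)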
- %WINDIR%\wuscvc.exe
- C:\Happy.exe
- <SYSTEM32>\sc.exe Create "Microsoft Accounts" binPath= %WINDIR%\wuscvc.exe start= auto DisplayName= "wuscvc"
- <SYSTEM32>\sc.exe Start "Microsoft Accounts"
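- <SYSTEM32>\sc.exe Create "Windows Security Manager" binPath= C:Windows\Svchost.exe start= auto DisplayName= "Svchost" (путь в binPath приведён как на странице — без «\» после «C:»; ниже в списке для этого файла указан путь %WINDIR%\Svchost.exe)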
- <SYSTEM32>\sc.exe Start "Windows Security Manager"
- %TEMP%\aut3.tmp
- C:\Happy.exe
- C:\Bind.exe
- C:\bind.hef
- C:\Happy.hef
- C:\RAT.hef
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- C:\Rat.exe
- C:\bind.hef
- C:\Happy.hef
- C:\RAT.hef
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut3.tmp
- из C:\Rat.exe в %WINDIR%\wuscvc.exe
- из C:\Bind.exe в %WINDIR%\Svchost.exe
- 'fr#####hter.no-ip.org':1695
- DNS ASK fr#####hter.no-ip.org
- ClassName: 'Shell_TrayWnd' WindowName: ''