Техническая информация
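Автозапуск — параметр в ключе Run текущего пользователя (команда выполняется при каждом входе этого пользователя в систему, права администратора для записи не требуются):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Credentials' = '%APPDATA%\Microsoft\Credentials\Credentials.exe -Embedding'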
Командные строки запускаемых процессов:
- <SYSTEM32>\ping.exe 127.0.0.1 -n 3
- <SYSTEM32>\cmd.exe /c ""%TEMP%\UnI1.bat" "
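Файлы, затрагиваемые в файловой системе (тип операции — создание или удаление — на странице не указан):
- %TEMP%\UnI1.bat
- %APPDATA%\Microsoft\Credentials\Credentials.dat
- %APPDATA%\Microsoft\Credentials\Credentials.exe
Примечание: %APPDATA%\Microsoft\Credentials — штатный каталог Windows, в котором в норме лежат только файлы сохранённых учётных данных; исполняемый файл в этом каталоге и ссылка на него из ключа Run — признаки, пригодные для обнаружения.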
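Параметры окна (имя класса и заголовок; заголовок пуст). Создаёт ли образец это окно или ищет его, на странице не указано:
- ClassName: 'Indicator' WindowName: ''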