Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '279f6960ed84a752570aca7fb2dc1552' = '"%TEMP%\server.exe" ..'
- [<HKLM>\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] '279f6960ed84a752570aca7fb2dc1552' = '"%TEMP%\server.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\server.exe" "server.exe" ENABLE
- <SYSTEM32>\csrss.exe
- %TEMP%\server.exe
- %LOCALAPPDATA%\microsoft\clr_v4.0_32\usagelogs\<File name>.exe.log
- %LOCALAPPDATA%\microsoft\clr_v4.0_32\usagelogs\server.exe.log
- %ProgramFiles%\UNP\Logs\UpdateNotificationPipeline.001.etl
- http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?08##############
- DNS ASK go.microsoft.com
- DNS ASK share.microsoft.com
- DNS ASK settings-win.data.microsoft.com
- DNS ASK maps.windows.com
- DNS ASK dl.delivery.mp.microsoft.com
- ClassName: 'OleMainThreadWndClass' WindowName: ''
- '%TEMP%\server.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\server.exe" "server.exe" ENABLE' (with hidden window)
- '<SYSTEM32>\devicecensus.exe' UserCxt