Техническая информация
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Windows Host Service' = '%WINDIR%\temp\Windows Host Service.exe'
- %LOCALAPPDATA%\._livecode_\._5016a4aa009f0000000007e500000000d071491eaa3b08a0aa0ee67a6d9c8e86_000009e0.pid
- %WINDIR%\temp\windows host service.exe
- %LOCALAPPDATA%\._livecode_\._5016a4aa0011000000005d9f00000000d071491eaa3b08a0aa0ee67a6d9c8e86_00000214.pid
- %LOCALAPPDATA%\._livecode_\._5016a4aa009f0000000007e500000000d071491eaa3b08a0aa0ee67a6d9c8e86_000009e0.pid
- http://ma######dpro.atwebpages.com/1.txt
- DNS ASK ma######dpro.atwebpages.com
- '%WINDIR%\temp\windows host service.exe'
- '%WINDIR%\syswow64\cmd.exe' /C "net.exe config workstation" (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /C "net.exe config workstation"
- '%WINDIR%\syswow64\net.exe' config workstation
- '%WINDIR%\syswow64\net1.exe' config workstation