Техническая информация
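- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'file.exe' = '%APPDATA%\file.exe'
  (Примечание: запись в ключе Run обеспечивает автозапуск файла при каждом входе пользователя в систему — закрепление по технике MITRE ATT&CK T1547.001. Для обнаружения стоит отслеживать значения Run, указывающие на исполняемые файлы в %APPDATA%.)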
- '<SYSTEM32>\taskkill.exe' /IM cmstp.exe /F
- <SYSTEM32>\cmstp.exe
- %APPDATA%\file.exe
- %TEMP%\cmstp.inf
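- %APPDATA%\svchost.exe
  (Примечание: штатный svchost.exe находится только в системных каталогах Windows; одноимённый файл в %APPDATA% — маскировка под системный процесс и надёжный признак для детектирования.)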
- %APPDATA%\file.exe
- %APPDATA%\svchost.exe
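- '95.##6.105.73':7707
  (Примечание: часть адреса скрыта в источнике символами «##», поэтому в таком виде его нельзя использовать как точный индикатор компрометации; из записи достоверно известны только видимые октеты и порт 7707.)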
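- 'microsoft.com':80
  (Примечание: обращение к легитимному домену, вероятно, служит проверкой доступности сети; ни в качестве индикатора компрометации, ни для блокировки этот домен не годится.)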
- '95.##6.105.73':7707
- DNS ASK microsoft.com
- ClassName: '' WindowName: ''
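- '<SYSTEM32>\cmstp.exe' /au "%TEMP%\CMSTP.inf"
  (Примечание: cmstp.exe — штатная утилита установки профилей Connection Manager; её запуск с INF-файлом из %TEMP% соответствует технике MITRE ATT&CK T1218.003. Для обнаружения стоит отслеживать запуски cmstp.exe с INF-файлами из каталогов, доступных пользователю на запись.)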
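- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath <Текущая директория>
  (Примечание: команда Add-MpPreference -ExclusionPath добавляет каталог в исключения Microsoft Defender, после чего файлы в нём не проверяются, — техника MITRE ATT&CK T1562.001. Изменение конфигурации Defender регистрируется событием 5007 в журнале Microsoft-Windows-Windows Defender/Operational; список исключений следует регулярно проверять.)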