Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\services\msupdate] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\services\msupdate] 'ImagePath' = '<SYSTEM32>\mssrv32.exe'
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %WINDIR%\Temp\MPTelemetrySubmit\watson_manifest.txt
- %WINDIR%\Temp\MPTelemetrySubmit\client_manifest.txt
- <SYSTEM32>\mssrv32.exe
- 'sh####xx.phpnet.us':80
- sh####xx.phpnet.us/stat.php
- DNS ASK sh####xx.phpnet.us
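- '22#.0.0.252':5355 (порт 5355 соответствует протоколу LLMNR — вероятно, это фоновое разрешение имён самой Windows, а не адрес управляющего сервера)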