Техническая информация
- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '安全防护中心模块' = 'C:\Users\Public\Documents\MM\svchos.exe'
- %ALLUSERSPROFILE%\3.txt
- C:\users\public\documents\mm\libcef.dll
- C:\users\public\documents\mm\svchos.exe
- 'fs######fu.7moor-fs1.com':443
- 'oc##.#igicert.cn':80
- '38.##.15.242':6060
- '38.##.15.242':443
- http://oc##.#igicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEANnihZNYn0Q7n1uAg7HHnk%3D
- http://oc##.#igicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTAYhVVBolGXL98B12VBQmMNc4EWAQUmtkNEMnEX0wy0ufwG61Kpi0lO9QCEAh%2BTyqv7uWN0S0Qkr2oj%2BM%3D
- 'fs######fu.7moor-fs1.com':443
- DNS ASK fs######fu.7moor-fs1.com
- DNS ASK oc##.#igicert.cn
- '38.##.15.242':6061
- '%WINDIR%\syswow64\cmd.exe' /c md C:\Users\Public\Documents\MM (со скрытым окном)