Техническая информация
- %WINDIR%\Tasks\Watchmon Service.job
- [<HKLM>\SYSTEM\ControlSet001\Services\javatmsup] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '<SYSTEM32>\infsrv.exe' xoh
- '<SYSTEM32>\fsip.exe' /combine local system
- <SYSTEM32>\fsip.exe
- <SYSTEM32>\infsrv.exe
- <SYSTEM32>\cmsurl.exe
- %TEMP%\6ad595c1-ee29-4f3f-8024-470b03eaf7ef
- из %TEMP%\6ad595c1-ee29-4f3f-8024-470b03eaf7ef в %TEMP%\ipnet.exe (исходный путь → конечный путь; тип операции — перемещение или копирование — здесь не указан)
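- '18#.#16.32.164':21 (порт 21 — стандартный управляющий порт FTP; символы «#» в адресе, по-видимому, — маскировка, применённая источником)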