Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Local Security Authority Service' = '<SYSTEM32>\Isass.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\Isass.exe' = '<SYSTEM32>\Isass.exe:*:Enabled:Local Security Authority Service'
- <SYSTEM32>\Isass.exe
- <SYSTEM32>\cmd.exe /c ""<Current directory>\kalds.bat" "
- <Current directory>\kalds.bat
- <SYSTEM32>\Isass.exe
- <SYSTEM32>\Isass.exe
- 'sa#.###giivekorea.in':4676
- DNS ASK sa#.###gIivekorea.in