Technical information
- '<SYSTEM32>\victim.exe' (downloaded from the Internet)
- '<SYSTEM32>\cmd.exe' /S /D /c" exit"
- '<SYSTEM32>\victim.exe'
- '<SYSTEM32>\cmd.exe' /S /D /c" start /d"<SYSTEM32>\" victim.exe"
- '<SYSTEM32>\cmd.exe' /c echo off| start /d"<SYSTEM32>\" victim.exe|exit
- '<SYSTEM32>\cmd.exe' /S /D /c" echo off"
- <DRIVERS>\cccc.sys
- <SYSTEM32>\FileHiding.exe
- <SYSTEM32>\victim.exe
- <SYSTEM32>\InjectDll.dll
- <SYSTEM32>\ProcessHiding.exe
- '<L####NET>.1.109':80
- 'localhost':1039
- http://19#.#68.1.109/test/cccc.sys via <L####NET>.1.109
- http://19#.#68.1.109/test/FileHiding.exe via <L####NET>.1.109
- http://19#.#68.1.109/test/Victim.exe via <L####NET>.1.109
- http://19#.#68.1.109/test/InjectDll.dll via <L####NET>.1.109
- http://19#.#68.1.109/test/ProcessHiding.exe via <L####NET>.1.109