Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Sound' = '%WINDIR%\Sound.bat'
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\taskkill.exe' /f /im explorer.exe
- %WINDIR%\Temp\MPTelemetrySubmit\client_manifest.txt
- %WINDIR%\Temp\MPTelemetrySubmit\watson_manifest.txt
- %WINDIR%\Sound.exe
- %WINDIR%\Sound.bat
- %WINDIR%\Sound.exe
- DNS ASK wa####.microsoft.com
- '22#.0.0.252':5355