Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Google Chrome' = 'cmd /c "start "Google Chrome" "%ProgramFiles%\Chrome\Chrome.exe"'
- %HOMEPATH%\Start Menu\Programs\Startup\sSeXfJlh91.eu.url
- '<SYSTEM32>\schtasks.exe' /create /NP /sc onlogon /tn "Google Chrome" /rl highest /tr "'%ProgramFiles%\Chrome\Chrome.exe' /startup" /f
- '<SYSTEM32>\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Google Chrome" /d "cmd /c """start """Google Chrome""" """%ProgramFiles%\Chrome\Chrome.exe"""" /f"
- <SYSTEM32>\reg.exe
- %TEMP%\hLuj6dKM4.Ap
- %APPDATA%\Google Chrome\Screenshots\02-14-2017\9.21 PM
- %APPDATA%\sSeXfJlh91\sSeXfJlh91.exe
- %TEMP%\aut1.tmp
- %TEMP%\aut1.tmp
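- из <Полный путь к файлу> в %ProgramFiles%\Chrome\Chrome.exe (целевой путь имитирует Google Chrome: штатная установка браузера размещается в каталоге Google\Chrome\Application, а не в %ProgramFiles%\Chrome, поэтому наличие файла по этому пути само по себе является признаком заражения)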
- '18#.#14.55.22':9633
- 'cr#####7.duckdns.org':9633
- DNS ASK cr#####7.duckdns.org