Техническая информация
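- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SoftwareDistribution' = 'Rundll32 Shell32.dll,ShellExec_RunDLL %WINDIR%\SoftwareDistribution\DataStore\Logs\edb.chk'
- [<HKLM>\SOFTWARE\Classes\chkfile\shell\open\command] '' = '"%TEMP%\svсhоst.exe" "%1"'
  Примечание: эти две записи работают в связке. Значение в ключе Run не указывает на исполняемый файл напрямую, а открывает edb.chk через ShellExec_RunDLL; команда открытия для класса chkfile при этом подменена на "%TEMP%\svсhоst.exe". Поэтому при проверке автозапуска нужно смотреть не только ключ Run, но и обработчик shell\open\command этого класса. Привязка расширения .chk к классу chkfile на странице не показана — это предположение, его следует проверить на исследуемой системе.
  Примечание: имя svсhоst.exe, по-видимому, содержит кириллические «с» и «о» вместо латинских, то есть только внешне совпадает с svchost.exe. Поиск по латинской строке такой файл может не найти; сравнивайте имя побайтно и учитывайте, что файл расположен в %TEMP%.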
- %TEMP%\svсhоst.exe chk
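- <SYSTEM32>\netsh.exe advfirewall firewall add rule name=InH dir=in action=allow protocol=TCP localport=54321
- <SYSTEM32>\netsh.exe advfirewall firewall add rule name=InS dir=in action=allow protocol=TCP localport=13579
  Примечание: обе команды добавляют в брандмауэр Windows разрешающие правила для входящих TCP-подключений (порты 54321 и 13579). При расследовании стоит проверить наличие правил с именами InH и InS и выяснить, какой процесс прослушивает эти порты; после очистки системы правила нужно удалить.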
- <SYSTEM32>\wscript.exe "%TEMP%\setup.js"
- %TEMP%\setup.js
- %TEMP%\svсhоst.exe
- %TEMP%\setup.js