Техническая информация
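- %APPDATA%\microsoft\windows\start menu\programs\startup\setup.js (папка автозагрузки пользователя)
- <SYSTEM32>\tasks\anydesk (файл задания планировщика; задание с именем anydesk создаётся командой schtasks, приведённой ниже)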
- %TEMP%\setup.js
- %TEMP%\setup.exe
- %TEMP%\dllm.js
- DNS ASK m9#.net
- DNS ASK ms###.publicvm.com
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\setup.js"
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\dllm.js"
- '%TEMP%\setup.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\setup.js"
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn anydesk /tr "%TEMP%\setup.js (со скрытым окном)
- '<SYSTEM32>\wscript.exe' "%TEMP%\setup.js" (со скрытым окном)
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn anydesk /tr "%TEMP%\setup.js (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn anydesk /tr "%TEMP%\setup.js
- '<SYSTEM32>\taskeng.exe' {1F967831-2562-4C7D-B085-C3FF273D990C} S-1-5-21-1960123792-2022915161-3775307078-1001:kfyriouk\user:Interactive:[1]
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn anydesk /tr "%TEMP%\setup.js