Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'e5958407bc9a89c9ea167521057f05fc' = '"%HOMEPATH%\svchost.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'e5958407bc9a89c9ea167521057f05fc' = '"%HOMEPATH%\svchost.exe" ..'
- %HOMEPATH%\start menu\programs\startup\e5958407bc9a89c9ea167521057f05fc.exe
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\svchost.exe' = '%HOMEPATH%\svchost.exe:*:Enabled:svchos...
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%HOMEPATH%\svchost.exe" "svchost.exe" ENABLE
- svchost.exe
- %TEMP%\lomkjwq.exe
- %TEMP%\axxxxx.xml
- %HOMEPATH%\svchost.exe
- %TEMP%\azzzzz.xml
- %TEMP%\axxxxx.xml
- %TEMP%\azzzzz.xml
- DNS ASK tr#####58.duckdns.org
- '%HOMEPATH%\svchost.exe'
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\HwgugQ" /XML "%TEMP%\aXXXXX.xml"' (со скрытым окном)
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\HwgugQ" /XML "%TEMP%\azzzzz.xml"' (со скрытым окном)
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%HOMEPATH%\svchost.exe" "svchost.exe" ENABLE' (со скрытым окном)
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\HwgugQ" /XML "%TEMP%\aXXXXX.xml"
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\HwgugQ" /XML "%TEMP%\azzzzz.xml"