Техническая информация
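- %APPDATA%\microsoft\windows\start menu\programs\startup\setup.js (папка автозагрузки пользователя: сценарий запускается при входе в систему)
- <SYSTEM32>\tasks\anydesk (файл задания планировщика; имя совпадает с параметром /tn anydesk в командах schtasks ниже и, по-видимому, маскируется под легитимное ПО AnyDesk)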
- %TEMP%\setup.js
- %TEMP%\setup.exe
- %TEMP%\dllm.js
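- %TEMP%\nsj65b8.tmp\system.dll (каталог nsj65b8.tmp, судя по набору файлов, — временный каталог установщика NSIS; его имя, вероятно, генерируется при каждом запуске, поэтому как устойчивый индикатор оно не годится)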
- %TEMP%\nsj65b8.tmp\modern-header.bmp
- %TEMP%\nsj65b8.tmp\modern-wizard.bmp
- %TEMP%\nsj65b8.tmp\nsdialogs.dll
- DNS ASK m9#.net (DNS-запрос; символы # — по-видимому, маска, скрывающая часть имени домена в отчёте)
- DNS ASK wi#####n.publicvm.com
- ClassName: 'EDIT' WindowName: ''
- ClassName: '#32770' WindowName: ''
- '<SYSTEM32>\wscript.exe' "%TEMP%\setup.js"
- '<SYSTEM32>\wscript.exe' "%TEMP%\dllm.js"
- '%TEMP%\setup.exe'
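- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn anydesk /tr "%TEMP%\setup.js' (со скрытым окном) — задание «anydesk» создаётся с запуском каждую минуту (/sc minute /mo 1); кавычки вокруг пути приведены как в отчёте и не сбалансированы, поэтому правила обнаружения лучше строить по параметрам /tn и /tr, а не по точному совпадению строки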
- '<SYSTEM32>\wscript.exe' "%TEMP%\setup.js"' (со скрытым окном)
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn anydesk /tr "%TEMP%\setup.js
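- '<SYSTEM32>\taskeng.exe' {FCBFC3FD-B9CF-4344-AA83-B12EE92B5620} S-1-5-21-2922372159-162323534-3872807762-1001:vuhauak\user:Interactive:[1] (taskeng.exe — обработчик заданий планировщика; GUID, SID и имя vuhauak\user, по-видимому, относятся к среде анализа и индикаторами компрометации не являются)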