Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ASUS Com Service' = '"<SYSTEM32>\1.03.32\UnityCrashHandler64.exe"'
- <SYSTEM32>\tasks\asus com service
- <SYSTEM32>\tasks\windowssystemhost
- unitycrashhandler64.exe
- <SYSTEM32>\1.03.32\unitycrashhandler64.exe
- 'ge#######ted.chickenkiller.com':1337
- 'bo#####.chickenkiller.com':1337
- http://ip##pi.com/json/
- DNS ASK ip##pi.com
- DNS ASK ge#######ted.chickenkiller.com
- DNS ASK bo#####.chickenkiller.com
- '<SYSTEM32>\1.03.32\unitycrashhandler64.exe'
- '<SYSTEM32>\schtasks.exe' /create /tn "WINDOWSSYSTEMHOST" /tr "<SYSTEM32>\1.03.32\UnityCrashHandler64.exe" /sc MINUTE /MO 1 (со скрытым окном)
- '<SYSTEM32>\1.03.32\unitycrashhandler64.exe' (со скрытым окном)
- '<SYSTEM32>\schtasks.exe' /create /tn "ASUS Com Service" /sc ONLOGON /tr "<Полный путь к файлу>" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "ASUS Com Service" /sc ONLOGON /tr "<SYSTEM32>\1.03.32\UnityCrashHandler64.exe" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "WINDOWSSYSTEMHOST" /tr "<SYSTEM32>\1.03.32\UnityCrashHandler64.exe" /sc MINUTE /MO 1
- '<SYSTEM32>\taskeng.exe' {3AA07794-B7A1-4EB6-A7A4-84AAFE59F38B} S-1-5-21-2922372159-162323534-3872807762-1001:eumebdtpe\user:Interactive:[1]