Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\hjdytuap.exe
- <SYSTEM32>\tasks\system file
- %WINDIR%\microsoft.net\framework\v4.0.30319\msbuild.exe
- %APPDATA%\logs\09-21-2019
- %TEMP%\me8pu0fydbx5.bat
- nul
- DNS ASK ip##pi.com
- DNS ASK fr###eoip.net
- DNS ASK ap#.#pify.org
- DNS ASK da####d.dynu.net
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ME8pU0FydBX5.bat" "' (со скрытым окном)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\msbuild.exe'
- '<SYSTEM32>\schtasks.exe' /create /tn "System File" /sc ONLOGON /tr "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" /rl HIGHEST /f
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ME8pU0FydBX5.bat" "
- '<SYSTEM32>\chcp.com' 65001
- '<SYSTEM32>\ping.exe' -n 10 localhost