Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Audio' = '%APPDATA%\Windows\dllhost.exe'
- svhost.exe
- %TEMP%\svhost.exe
- %APPDATA%\windows\dllhost.exe
- DNS ASK so###oproj.xyz
- '%TEMP%\svhost.exe'
- '<SYSTEM32>\schtasks.exe' /create /sc MINUTE /mo 1 /tn "Windows Service" /tr "%APPDATA%\Windows\dllhost.exe" /f' (со скрытым окном)
- '<SYSTEM32>\schtasks.exe' /create /sc MINUTE /mo 1 /tn "Windows Service" /tr "%APPDATA%\Windows\dllhost.exe" /f