Техническая информация
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'win-dxcqs' = '%ProgramFiles(x86)%\TermssrvW\ScdReg.exe'
- <SYSTEM32>\tasks\win-dxcqs-sys
- %WINDIR%\syswow64\svchost.exe
- ClassName: 'OllyDbg', WindowName: ''
- %ProgramFiles(x86)%\termssrvw\dat
- %ProgramFiles(x86)%\termssrvw\hwsignature.dll
- %ProgramFiles(x86)%\termssrvw\scdreg.exe
- 'dh#.#xcqs.xyz':19123
- DNS ASK dh#.##ldpanther.xyz
- DNS ASK dh#.#xcqsa.xyz
- DNS ASK dh#.#xcqs.xyz
- DNS ASK dh#.##azaidream.xyz
- ClassName: 'CTXOPConntion_Class', WindowName: ''
- '%ProgramFiles(x86)%\termssrvw\scdreg.exe'
- '%WINDIR%\syswow64\schtasks.exe' /f /create /tn win-dxcqs-sys /RU SYSTEM /tr "%ProgramFiles(x86)%\TermssrvW\ScdReg.exe" /sc onstart' (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /f /create /tn win-dxcqs-sys /RU SYSTEM /tr "%ProgramFiles(x86)%\TermssrvW\ScdReg.exe" /sc onstart
- '%WINDIR%\syswow64\svchost.exe' -hard 0
- '%WINDIR%\syswow64\svchost.exe' -hard 1
- '%WINDIR%\syswow64\svchost.exe' -hard 2
- '%WINDIR%\syswow64\svchost.exe' -hard 3