Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'msg' = '"%APPDATA%\Office\0ffice.exe"' (автозапуск при входе пользователя в систему; имя файла начинается с цифры «0», а не с буквы «O»)
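- <SYSTEM32>\tasks\msg (файл задания планировщика «msg»; задание с этим именем создаётся командами schtasks, приведёнными ниже)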
- %APPDATA%\office\0ffice.exe
- %APPDATA%\logs\02-07-2020
- %APPDATA%\office\0ffice.exe
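- 'sk#######esshost.ddns.com.br':4782 (символы «#» — по-видимому, часть имени, замаскированная в источнике; порт 4782 одинаков для всех трёх адресов)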
- 'wo######arhost.ddns.com.br':4782
- 'of####.minhaempresa.tv':4782
- http://ip##pi.com/json/
- DNS ASK pa###bin.com
- DNS ASK ip##pi.com
- DNS ASK sk#######esshost.ddns.com.br
- DNS ASK wo######arhost.ddns.com.br
- DNS ASK of####.minhaempresa.tv
- '%APPDATA%\office\0ffice.exe'
- '<SYSTEM32>\schtasks.exe' /create /tn "msg" /sc ONLOGON /tr "<Полный путь к файлу>" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "msg" /sc ONLOGON /tr "%APPDATA%\Office\0ffice.exe" /rl HIGHEST /f