Техническая информация
- %WINDIR%\services.exe
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\cb7f2717d65ae79aa94150972556680c_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\cb7f2717d65ae79aa94150972556680c_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- 'te######ware00.duckdns.org':80
- DNS ASK te######ware00.duckdns.org
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\services.exe'
- '<SYSTEM32>\schtasks.exe' /create /f /sc ONSTART /RL HIGHEST /tn "'services"' /tr "'%WINDIR%\services.exe"'' (со скрытым окном)
- '<SYSTEM32>\schtasks.exe' /create /f /sc ONSTART /RL HIGHEST /tn "'services"' /tr "'%WINDIR%\services.exe"'