Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HandlerSupporter' = '%PROGRAMDATA%\TaskSupport\TaskStarter.exe'
- %PROGRAMDATA%\tasksupport\taskstarter.exe
- %PROGRAMDATA%\tasksupport\taskstarter.exe
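- http://oc##.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D (судя по хосту и формату пути, это, вероятно, OCSP-запрос проверки статуса сертификата к удостоверяющему центру; сам по себе такой запрос не является надёжным индикатором компрометации)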
- DNS ASK wo######.000webhostapp.com
- DNS ASK oc##.thawte.com
- '%PROGRAMDATA%\tasksupport\taskstarter.exe'
- '%PROGRAMDATA%\tasksupport\taskstarter.exe' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ATTRIB +h +s %PROGRAMDATA%\TaskSupport
- '%WINDIR%\syswow64\attrib.exe' +h +s %PROGRAMDATA%\TaskSupport
- '%WINDIR%\syswow64\cmd.exe' /c ATTRIB +h +s %PROGRAMDATA%\TaskSupport\TaskUpdater.exe
- '%WINDIR%\syswow64\attrib.exe' +h +s %PROGRAMDATA%\TaskSupport\TaskUpdater.exe
- '%WINDIR%\syswow64\cmd.exe' /c ATTRIB +h +s %PROGRAMDATA%\TaskSupport\TaskStarter.exe
- '%WINDIR%\syswow64\attrib.exe' +h +s %PROGRAMDATA%\TaskSupport\TaskStarter.exe
- '%WINDIR%\syswow64\cmd.exe' /c reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "HandlerSupporter" /d "%PROGRAMDATA%\TaskSupport\TaskStarter.exe" /f
- '%WINDIR%\syswow64\reg.exe' add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "HandlerSupporter" /d "%PROGRAMDATA%\TaskSupport\TaskStarter.exe" /f