Техническая информация
- <SYSTEM32>\tasks\'svhost'
- %TEMP%\svhost.exe (имя похоже на системное svchost.exe, но файл расположен в %TEMP%, а не в системном каталоге)
- %TEMP%\tmp4f5a.tmp.bat
- nul
- '18#.#26.114.20':8808
- '18#.#26.114.20':7707
- '18#.#26.114.20':6606
- 'pa###bin.com':443
- DNS ASK pa###bin.com
- '%TEMP%\svhost.exe'
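- '%WINDIR%\syswow64\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn "'svhost"' /tr "'%TEMP%\svhost.exe"'' (со скрытым окном; команда создаёт задачу планировщика «svhost», запускающую %TEMP%\svhost.exe при каждом входе пользователя в систему с наивысшими правами, — это механизм закрепления)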
- '%WINDIR%\syswow64\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn "'svhost"' /tr "'%TEMP%\svhost.exe"'
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\tmp4F5A.tmp.bat""
- '%WINDIR%\syswow64\timeout.exe' 3