Техническая информация
- <SYSTEM32>\tasks\windows service
- %APPDATA%\clienthost_new.exe
- %APPDATA%\clienthost.exe
- %TEMP%\b0494a1f-4bd3-kx9rgv8jlgyigeoji9hdga==\system.data.sqlite.dll
- %APPDATA%\mozilla\firefox\profiles\gn7ryp3k.default\cookiescopy
- %APPDATA%\mozilla\firefox\profiles\gn7ryp3k.default\cookiescopy-shm
- %TEMP%\archd\firefoxcookies.txt
- %TEMP%\archd\osinfo.txt
- %TEMP%\archd\processes.txt
- %TEMP%\111.zip
- %APPDATA%\clienthost_new.exe
- %APPDATA%\clienthost.exe
- %APPDATA%\clienthost_new.exe
- %TEMP%\archd\firefoxcookies.txt
- %TEMP%\archd\osinfo.txt
- %TEMP%\archd\processes.txt
- %TEMP%\111.zip
- '45.##.229.175':22822
- 'ip##fo.io':443
- '45.##.229.175':1488
- '45.##.229.175':3555
- DNS ASK ip##fo.io
- '%APPDATA%\clienthost_new.exe'
- '%APPDATA%\clienthost.exe'
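- '%WINDIR%\syswow64\schtasks.exe' /create /sc MINUTE /mo 1 /tn "Windows Service" /tr "%APPDATA%\ClientHost.exe" /f (со скрытым окном) — создаёт задачу планировщика «Windows Service», запускающую %APPDATA%\ClientHost.exe каждую минуту; ключ /f перезаписывает уже существующую задачу с тем же именем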
- '%APPDATA%\clienthost.exe' (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /create /sc MINUTE /mo 1 /tn "Windows Service" /tr "%APPDATA%\ClientHost.exe" /f
- '<SYSTEM32>\taskeng.exe' {1E8A202D-3E54-4D82-A0D1-87CAE4CB8307} S-1-5-21-1960123792-2022915161-3775307078-1001:qoseyuozrjqh\user:Interactive:[1]