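Техническая информация
Примечание: символы «#» в именах узлов ниже, по-видимому, скрывают часть имени (маскировка в исходном отчёте), поэтому для сопоставления нужны полные значения из первоисточника. Имя файла «0fficeMicrosoft.exe» начинается с цифры «0», а не с буквы «O»; параметр автозапуска в реестре и задача планировщика названы «Microsoft» и указывают на одни и те же файлы.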
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft' = '"%TEMP%\Java32.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft' = '"%APPDATA%\OfficeMicrosoft\0fficeMicrosoft.exe"'
- %TEMP%\java32.exe
- %TEMP%\programs.exe
- %APPDATA%\officemicrosoft\0fficemicrosoft.exe
- %APPDATA%\logs\06-24-2020
- %APPDATA%\officemicrosoft\0fficemicrosoft.exe
- 'sk#######esshost.ddns.com.br':4782
- 'wo######arhost.ddns.com.br':4782
- http://ip##pi.com/json/
- DNS ASK ip##pi.com
- DNS ASK sk#######esshost.ddns.com.br
- DNS ASK wo######arhost.ddns.com.br
- '%TEMP%\java32.exe'
- '%TEMP%\programs.exe'
- '%APPDATA%\officemicrosoft\0fficemicrosoft.exe'
- '%WINDIR%\syswow64\schtasks.exe' /create /tn "Microsoft" /sc ONLOGON /tr "%TEMP%\Java32.exe" /rl HIGHEST /f
- '%WINDIR%\syswow64\schtasks.exe' /create /tn "Microsoft" /sc ONLOGON /tr "%APPDATA%\OfficeMicrosoft\0fficeMicrosoft.exe" /rl HIGHEST /f