Техническая информация (пути к файлам, сетевые адреса, DNS-запросы и командные строки запуска процессов)
- <SYSTEM32>\tasks\svchost
- %TEMP%\pjcehznane.exe
- %TEMP%\dfggotl.exe
- %APPDATA%\anydesk\ad.trace
- %APPDATA%\anydesk\user.conf
- %APPDATA%\anydesk\service.conf
- %APPDATA%\anydesk\system.conf
- %TEMP%\gcapi.dll
- %APPDATA%\subdir\client.exe
- %TEMP%\pjcehznane.exe
- %APPDATA%\subdir\client.exe
- %TEMP%\gcapi.dll
- 'ba#####abryn.ddns.net':4782
- 'bo#####.net.anydesk.com':443
- 're#######9f538.net.anydesk.com':80
- DNS ASK bo#####.net.anydesk.com
- DNS ASK re#######9f538.net.anydesk.com
- DNS ASK ba#####abryn.ddns.net
- '%TEMP%\pjcehznane.exe'
- '%TEMP%\dfggotl.exe'
- '%TEMP%\dfggotl.exe' --local-service
- '%TEMP%\dfggotl.exe' --local-control
- '%APPDATA%\subdir\client.exe'
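- '<SYSTEM32>\schtasks.exe' /create /tn "svchost" /sc ONLOGON /tr "%TEMP%\Pjcehznane.exe" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "svchost" /sc ONLOGON /tr "%APPDATA%\SubDir\Client.exe" /rl HIGHEST /f
  Примечание: обе команды создают задачу планировщика с одним и тем же именем «svchost» (оно совпадает с именем системного процесса Windows), запускаемую при входе пользователя в систему (/sc ONLOGON) с наивысшими правами (/rl HIGHEST). Ключ /f перезаписывает уже существующую задачу, поэтому в силе остаётся та команда, которая была выполнена последней; порядок выполнения по этому списку установить нельзя. Файл задачи, по-видимому, соответствует пути <SYSTEM32>\tasks\svchost из списка файлов выше. Для обнаружения имеет смысл проверять задачи планировщика, которые запускают исполняемые файлы из %TEMP% или %APPDATA%.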