Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\dpzlhlqa.exe
- ClassName: 'FilemonClass', WindowName: ''
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- ClassName: 'RegmonClass', WindowName: ''
- 'et#####usb.duckdns.org':443
- 'hx####i.duckdns.org':443
- http://et######sb.duckdns.org:443/1480313 via et#####usb.duckdns.org
- http://hx#####.duckdns.org:443/v/V_1204861.exe
- DNS ASK et#####usb.duckdns.org
- DNS ASK hx####i.duckdns.org
- ClassName: 'File Monitor - Sysinternals: www.sysinternals.com', WindowName: ''
- ClassName: 'Process Monitor - Sysinternals: www.sysinternals.com', WindowName: ''
- ClassName: 'Registry Monitor - Sysinternals: www.sysinternals.com', WindowName: ''
- ClassName: '18467-41', WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /C choice /C Y /N /D Y /T 3 & Del "<Полный путь к файлу>" (со скрытым окном)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -Command Add-MpPreference -ExclusionPath '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup'
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -Command Add-MpPreference -ExclusionProcess 'Software_Reporter_Tool.exe'
- '%WINDIR%\syswow64\cmd.exe' /C choice /C Y /N /D Y /T 3 & Del "<Полный путь к файлу>"
- '%WINDIR%\syswow64\choice.exe' /C Y /N /D Y /T 3