Техническая информация
- <SYSTEM32>\tasks\svchost32
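- %APPDATA%\svchost32.exe (имя похоже на системный svchost.exe, который штатно находится в <SYSTEM32>, а не в профиле пользователя)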
- %TEMP%\tmp2ce9.tmp.bat
- nul
- 'ke#####.servehttp.com':4768
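- 'microsoft.com':80 (легитимный домен; вероятно, проверка доступности сети — сам по себе не является индикатором компрометации)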
- 'ke#####.servehttp.com':4768
- DNS ASK ke#####.servehttp.com
- DNS ASK microsoft.com
- '%APPDATA%\svchost32.exe'
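- '<SYSTEM32>\cmd.exe' /c schtasks /create /f /sc onlogon /rl highest /tn "svchost32" /tr '"%APPDATA%\svchost32.exe"' & exit' (со скрытым окном; задача планировщика «svchost32» запускается при входе пользователя в систему с наивысшими привилегиями)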
- '<SYSTEM32>\cmd.exe' /c schtasks /create /f /sc onlogon /rl highest /tn "svchost32" /tr '"%APPDATA%\svchost32.exe"' & exit
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\tmp2CE9.tmp.bat""
- '<SYSTEM32>\timeout.exe' 3
- '<SYSTEM32>\schtasks.exe' /create /f /sc onlogon /rl highest /tn "svchost32" /tr '"%APPDATA%\svchost32.exe"'