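Техническая информация
Ниже перечислены наблюдавшиеся индикаторы в порядке следования: созданные файлы (включая файл задачи планировщика), сетевые соединения, HTTP-запросы, DNS-запросы, запущенные процессы и команды создания задач. Символы # в именах доменов, по-видимому, скрывают часть имени в исходном отчёте, поэтому эти записи нельзя использовать как точные значения для блокировки.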
- <SYSTEM32>\tasks\updateagent
- %TEMP%\nscd1b.tmp
- %APPDATA%\heartsender.exe
- %APPDATA%\payload.exe
- %APPDATA%\{103-145-l14}\updateagent.exe
- %APPDATA%\{103-145-l14}\updateagent.exe
- 'ip##pi.com':80
- '6.###.eu.ngrok.io':10835
- 'mr####rtools.com':80
- http://ip##pi.com/json/
- http://mr####rtools.com/web/updates/HeartSender/version.txt
- DNS ASK ip##pi.com
- DNS ASK 6.###.eu.ngrok.io
- DNS ASK mr####rtools.com
- '%APPDATA%\heartsender.exe'
- '%APPDATA%\payload.exe'
- '%APPDATA%\{103-145-l14}\updateagent.exe'
- '<SYSTEM32>\schtasks.exe' /create /tn "UpdateAgent" /sc ONLOGON /tr "%APPDATA%\payload.exe" /rl HIGHEST /f
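- '<SYSTEM32>\schtasks.exe' /create /tn "UpdateAgent" /sc ONLOGON /tr "%APPDATA%\{103-145-L14}\UpdateAgent.exe" /rl HIGHEST /f
Примечание: обе команды schtasks создают задачу «UpdateAgent», которая запускается при входе пользователя в систему (/sc ONLOGON) с наивысшими привилегиями (/rl HIGHEST); ключ /f перезаписывает уже существующую задачу с тем же именем без запроса. Для обнаружения стоит проверять задачи планировщика, у которых исполняемый файл находится в %APPDATA%.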