Техническая информация
- %WINDIR%\Tasks\At1.job
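- '<SYSTEM32>\at.exe' 16:15:00 /every:M,T,W,Th,F,S,Su cmd.exe "/c attrib -H <DRIVERS>\etc\hosts && copy %TEMP%\828178aq <DRIVERS>\etc\hosts /Y && attrib +H <DRIVERS>\etc\hosts"
  (Примечание: это задание планировщика ежедневно в 16:15 снимает с файла hosts атрибут «скрытый», перезаписывает его содержимым %TEMP%\828178aq и снова скрывает файл. Поэтому восстановление hosts вручную не поможет, пока не удалено задание At1; при проверке системы стоит сравнить hosts с эталоном и учитывать, что файл помечен как скрытый.)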
- '<SYSTEM32>\wermgr.exe' -queuereporting
- C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_fdaad129-04df-4089-bb80-174ce725f721
- <SYSTEM32>\Tasks\At1
- %TEMP%\828178aq
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\User\e4b49dd1-16da-4bb2-994e-b044a2ccbe25
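- 'hs##jld.pw':4915
- 'bj##yu.pw':4915
  (Примечание: символы «#» в именах доменов, по-видимому, являются маскировкой, применённой в источнике; полные имена на странице не приведены, поэтому эти записи пригодны только как шаблон для сопоставления вместе с портом 4915.)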
- DNS ASK hs##jld.pw
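- DNS ASK dn#.##ftncsi.com
  (Примечание: по шаблону имя похоже на dns.msftncsi.com — служебный домен проверки сетевого подключения Windows (NCSI). Если это так, запрос является фоновой активностью системы, а не индикатором компрометации; уточнить перед добавлением в списки блокировки.)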
- DNS ASK bj##yu.pw