Техническая информация
- %WINDIR%\Tasks\At1.job
- '<SYSTEM32>\PING.EXE' -n 10 localhost
- '<SYSTEM32>\at.exe' 19:55:00 /every:T,M,Th,F,W,S,Su wmic.exe nicconfig where "IPEnabled=true" call SetDNSServerSearchOrder ("37.10.116.201", "8.8.8.8")
- <SYSTEM32>\Tasks\At1
- C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_fdaad129-04df-4089-bb80-174ce725f721
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\User\ed46959e-d604-46f5-a310-be6a2eee6962
- 'va##adle.pw':681
- 'le##yagy.pw':681
- DNS ASK va##adle.pw
- DNS ASK dn#.##ftncsi.com
- DNS ASK le##yagy.pw