Техническая информация
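- Автозапуск через раздел Run текущего пользователя: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchsot' = '' (значение параметра на странице не приведено)
- Файл задачи планировщика: %WINDIR%\Tasks\svhsot.job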
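- Запуск процесса: '<SYSTEM32>\wbem\wmiadap.exe' /R /T (wmiadap.exe — штатный компонент WMI в Windows; сам по себе этот запуск не является надёжным индикатором)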
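- Создание задачи планировщика с запуском при входе в систему от имени SYSTEM: '<SYSTEM32>\schtasks.exe' /Create /tn "svhsot" /sc onlogon /ru "SYSTEM" /tr "%APPDATA%\svchsot.exe" (имя задачи "svhsot" отличается от имени файла svchsot.exe — при поиске стоит учитывать оба написания)
- Исполняемый файл: %APPDATA%\svchsot.exe (имя похоже на системное svchost.exe, но с переставленными буквами и в нетипичном для него каталоге)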
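- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
  (оба файла, по-видимому, относятся к работе штатного wmiadap.exe и встречаются на чистых системах; как индикаторы они малоинформативны)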
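- Сетевое соединение: 'th###amma.com':80
- Запрос по адресу: th###amma.com/bot3/d.html
- DNS-запрос (DNS ASK): th###amma.com
  (символы ###, по-видимому, маскируют часть доменного имени; полное имя на странице не приведено)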
- ClassName: 'Indicator' WindowName: ''