Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\8b5e91fb5ec260e94fa0b67b9ca6b9de.exe
Добавление исключения в брандмауэр Windows (запись в реестре и команда netsh):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\windows\svcchost.exe' = '%APPDATA%\windows\svcchost.exe:*:En...
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\windows\svcchost.exe" "svcchost.exe" ENABLE
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\Update" /XML "%TEMP%\1967841416.xml"
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\Update" /XML "%TEMP%\1282266758.xml"
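- '%APPDATA%\windows\svcchost.exe' (имя файла похоже на системный svchost.exe, но содержит лишнюю букву «c», а сам файл расположен в %APPDATA%, а не в <SYSTEM32>)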
- '<SYSTEM32>\schtasks.exe' /Delete /TN "Update\Update" /F
- %TEMP%\1967841416.xml
- %TEMP%\72594524.xml
- %APPDATA%\windows\svcchost.exe
- %TEMP%\1282266758.xml
- %APPDATA%\windows\svcchost.exe
- %TEMP%\1967841416.xml
- %TEMP%\1282266758.xml
Сетевые индикаторы (узел и порт, DNS-запрос):
- 're####oh1.ddns.net':1805
- DNS ASK re####oh1.ddns.net