Техническая информация
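- %WINDIR%\Tasks\JavaUpdater.job
- <SYSTEM32>\attrib.exe +s +h +r %WINDIR%\tasks\JavaUpdater.job (файлу задачи присваиваются атрибуты «системный», «скрытый» и «только для чтения»)
- <SYSTEM32>\schtasks.exe /Create /SC ONLOGON /TR "\"%APPDATA%\jusched.exe\"" /TN JavaUpdater /RU "NT Authority\System" (закрепление в системе: задача JavaUpdater запускает %APPDATA%\jusched.exe при каждом входе в систему от имени учётной записи SYSTEM)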
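- %APPDATA%\jusched.exe (имя совпадает с легитимным планировщиком обновлений Java, который обычно устанавливается в каталог Program Files; расположение в %APPDATA% — признак маскировки)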
- %APPDATA%\jusched.exe
- 'ec####ion.com.pe':80
- 'wp#d':80
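- wp#d/wpad.dat (по-видимому, это запрос автоматического обнаружения прокси (WPAD), который выполняет сама ОС; как индикатор компрометации он малоинформативен, в отличие от обращения к webpanel/connect.php)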
- ec####ion.com.pe/webpanel/connect.php
- DNS ASK ec####ion.com.pe
- DNS ASK wp#d