Technical Information
- <SYSTEM32>\tasks\'<File name>'
- <Current directory>\svchosts.exe
- nul
- http://ww####ro.myjino.ru//connection.php?pa#####################################################################################################################################################...
- http://ww####ro.myjino.ru//getCommand.php?id#####################
- DNS ASK ww####ro.myjino.ru
- '<Current directory>\svchosts.exe'
- '<SYSTEM32>\schtasks.exe' /create /f /sc ONSTART /RL HIGHEST /tn "'<File name>"' /tr "'<Full path to file>"'' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C ping 1.1.1.1 -n 1 -w 4000 > Nul & Del "<Full path to file>"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C ping 1.1.1.1 -n 1 -w 4000 > Nul & Del "<Full path to file>"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Get-MpPreference -verbose
- '<SYSTEM32>\schtasks.exe' /create /f /sc ONSTART /RL HIGHEST /tn "'<File name>"' /tr "'<Full path to file>"'
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 4000