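Техническая информация
Ниже перечислены наблюдаемые индикаторы: запись автозапуска в ключе реестра Run, командные строки запускаемых процессов (включая создание задачи планировщика с запуском при входе в систему и наивысшими правами), путь к исполняемому файлу и сетевые обращения (хост и порт, URL, DNS-запрос).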
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Pot' = '"%ALLUSERSPROFILE%\Application Data\na7sdbfpa\adb7daf.exe"'
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 1 -w 5000
- '%ALLUSERSPROFILE%\Application Data\na7sdbfpa\adb7daf.exe'
- '<SYSTEM32>\schtasks.exe' /CREATE /SC ONLOGON /RL HIGHEST /TN Pot /F /TR "%ALLUSERSPROFILE%\Application Data\na7sdbfpa\adb7daf.exe"
- '<SYSTEM32>\cmd.exe' /C ping 127.0.0.1 -n 1 -w 5000 > Nul & Del "<Полный путь к файлу>" & "%ALLUSERSPROFILE%\Application Data\na7sdbfpa\adb7daf.exe" & exit
- %ALLUSERSPROFILE%\Application Data\na7sdbfpa\adb7daf.exe
- 'op.###nelhost4.me':80
- http://op.###nelhost4.me/admin/gate.php
- DNS ASK op.###nelhost4.me