Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\zapserial] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\zapserial] 'ImagePath' = '"<SYSTEM32>\zapserial.exe"'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABWAG4AawBrAHAAYQBkAHMAbAByAHEAZwA9ACcATgBmAHgAcQB2AG0AYQBmAHMAZgB1AGcAJwA7ACQAQwBjAHIAZgBjAGoAdAB5AG8AaABhAGgAYgAgAD0AIAAnADEAMAA1ACcAOwAkAEkAZgB0AGMAcQB2AG8AaAA9ACcAVwB5AGsAZwB...
- %HOMEPATH%\105.exe
- %HOMEPATH%\105.exe в <SYSTEM32>\zapserial.exe
- http://18#.#5.143.170/JLbFruikalGCEAj0q7F
- DNS ASK in######.farmaciaartesanal.com
- DNS ASK ol###ehls.com
- '%HOMEPATH%\105.exe'
- '<SYSTEM32>\zapserial.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABWAG4AawBrAHAAYQBkAHMAbAByAHEAZwA9ACcATgBmAHgAcQB2AG0AYQBmAHMAZgB1AGcAJwA7ACQAQwBjAHIAZgBjAGoAdAB5AG8AaABhAGgAYgAgAD0AIAAnADEAMAA1ACcAOwAkAEkAZgB0AGMAcQB2AG8AaAA9ACcAVwB5AGsAZwB...' (со скрытым окном)