Техническая информация
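- %APPDATA%\microsoft\windows\start menu\programs\startup\windows defender o.vbs (папка автозагрузки пользователя: скрипт запускается при каждом входе в систему; имя файла маскируется под Windows Defender)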
- https://onedrive.live.com/download?cid=62557c032ee91c96&resid=62557c032ee91c96%21148&authkey=adp-azpnc364twe
- https://onedrive.live.com/download?cid=62557c032ee91c96&resid=62557c032ee91c96%21139&authkey=ajlduy--ehi4xbc
- %HOMEPATH%\pictures\failee.exe
- %TEMP%\is-32it0.tmp\failee.tmp
- %TEMP%\is-u3rbp.tmp\_isetup\_setup64.tmp
- %HOMEPATH%\pictures\vvff.vbs
- 'tb####.#n.files.1drv.com':443
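- 'mi#####ft.myiphost.com':4141 (единственное в списке подключение не к OneDrive и не на порт 443 — вероятно, управляющий сервер; символы # скрывают часть имени узла)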
- 'on####ve.live.com':443
- '8u####.#n.files.1drv.com':443
- DNS ASK on####ve.live.com
- DNS ASK 8u####.#n.files.1drv.com
- DNS ASK tb####.#n.files.1drv.com
- DNS ASK mi#####ft.myiphost.com
- '%HOMEPATH%\pictures\failee.exe'
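- '%TEMP%\is-32it0.tmp\failee.tmp' /SL5="$C0228,2362294,57856,%HOMEPATH%\Pictures\failee.exe" (параметр /SL5 и каталоги is-*.tmp\_isetup характерны для установщика Inno Setup; имена каталогов is-*.tmp генерируются при каждом запуске, поэтому как индикаторы надёжнее пути в %HOMEPATH%\pictures)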
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\Pictures\vvff.vbs"
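- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -en WwBBAHAAcABEAG8AbQBhAGkAbgBdADoAOgBDAHUAcgByAGUAbgB0AEQAbwBtAGEAaQBuAC4ATABvAGEAZAAoAFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAGIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAKABOAGUAdwAtAE8AYgBqA...' (со скрытым окном). Видимая часть аргумента -en (Base64 от UTF-16LE) декодируется в «[AppDomain]::CurrentDomain.Load([Convert]::Frombase64String((New-Obj…», остальная часть команды обрезана: .NET-сборка загружается из массива байтов прямо в память процесса PowerShell. Для обнаружения полезны журнал Script Block Logging (событие 4104) и контроль запусков powershell.exe с параметром -en в скрытом окне.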