Техническая информация
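- %APPDATA%\microsoft\windows\start menu\programs\startup\qojprajpx.lnk
- %APPDATA%\microsoft\windows\start menu\programs\startup\acustico.exe
- '%APPDATA%\microsoft\windows\start menu\programs\startup\acustico.exe'
  (Перечисленные выше пути находятся в папке автозагрузки текущего пользователя, поэтому размещённые там объекты запускаются при каждом входе в систему.)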
- %HOMEPATH%\appdata\qojprajpx.vbs
- DNS ASK 30####.hopto.org
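- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit [Reflection.Assembly]::'Load'((Get-ItemProperty HKCU:\Software\LtDOW).cXfodEsD).'EntryPoint'.'Invoke'($Null,$Null)' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit [Reflection.Assembly]::'Load'((Get-ItemProperty HKCU:\Software\LtDOW).cXfodEsD).'EntryPoint'.'Invoke'($Null,$Null)
  (Примечание: эта команда читает значение cXfodEsD из раздела реестра HKCU:\Software\LtDOW, загружает его в память как сборку .NET и вызывает её точку входа, то есть исполняемый код хранится в реестре, а не в файле на диске. При проверке системы следует искать этот раздел реестра и запуски powershell.exe с такой командной строкой.)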