Техническая информация
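- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SettingSyncHost' = '%TEMP%\SettingSyncHost.exe'
  Примечание: параметр в ключе Run обеспечивает запуск файла при каждом входе пользователя в систему. Имя совпадает с именем штатного компонента Windows SettingSyncHost.exe, который находится в <SYSTEM32>; запуск файла с таким именем из %TEMP% — надёжный признак для обнаружения.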
- %TEMP%\settingsynchost.exe
- %TEMP%\updater.bat
- %TEMP%\casinoproxy.exe
- %TEMP%\settingsynchost.exe
- %TEMP%\updater.bat
- http://ic###azip.com/
- DNS ASK ic###azip.com
- DNS ASK nu##mu.wtf
- '%TEMP%\settingsynchost.exe'
- '%TEMP%\casinoproxy.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\Updater.bat" "
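- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -inputformat none -windowstyle hidden -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath $ENV:USERPROFILE\AppData\Local\Temp
  Примечание: эта команда добавляет каталог Temp текущего пользователя в исключения Microsoft Defender, после чего файлы в этом каталоге не проверяются антивирусом. При реагировании на инцидент следует проверить список исключений (Get-MpPreference) и удалить эту запись.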