Техническая информация
- %ALLUSERSPROFILE%\user lifecycle v8.3.8\0658f1b0.exe
- %TEMP%\tmpe88a.tmp.bat
- nul
- 'ch#####.amazonaws.com':80
- 'ip##pi.com':80
- '5.###.119.76':80
- 'se###gotls.xyz':80
- http://ch#####.amazonaws.com/
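- http://ip##pi.com/json/95.211.190.199
  (Адрес 95.211.190.199 передаётся в пути запроса как параметр; по-видимому, это внешний IP-адрес системы, на которой выполнялся анализ, а не адрес управляющего сервера. Перед использованием в качестве индикатора это следует проверить.)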
- http://5.###.119.76/updhdl?me########
- DNS ASK ch#####.amazonaws.com
- DNS ASK ip##pi.com
- DNS ASK se###gotls.xyz
- '%ALLUSERSPROFILE%\user lifecycle v8.3.8\0658f1b0.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\tmpE88A.tmp.bat""
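- '<SYSTEM32>\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d "%ALLUSERSPROFILE%\User Lifecycle v8.3.8"
  (Эта команда переназначает папку автозагрузки текущего пользователя на каталог, в котором находится 0658f1b0.exe, поэтому содержимое каталога будет запускаться при входе пользователя в систему. Для обнаружения стоит отслеживать изменение параметра Startup в этом разделе реестра; при восстановлении системы нужно вернуть параметру исходное значение.)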
- '<SYSTEM32>\timeout.exe' 4