Техническая информация
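- %APPDATA%\microsoft\windows\start menu\programs\startup\googlechromeupdatehandlerx64.vbs
- %APPDATA%\microsoft\windows\start menu\programs\startup\googlechromeupdatehandler.vbs
  (Оба файла находятся в папке автозагрузки пользователя, поэтому выполняются при каждом входе этого пользователя в систему; имена, по-видимому, имитируют компонент обновления Google Chrome.)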
- C:\users\public\gk52gr00sd2e.ps1
- '18#.#1.157.203':80
- '18#.#1.157.172':6590
- http://18#.#1.157.203/1/Gk52Gr00sd2e.txt
- http://18#.##.157.172:6590/Vre via 18#.#1.157.172
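- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy RemoteSigned -File C:\Users\Public\Gk52Gr00sd2e.PS1
  (Командная строка запускает скрипт, указанный выше как C:\users\public\gk52gr00sd2e.ps1: пути в Windows не зависят от регистра. Параметр -ExecutionPolicy задаёт политику выполнения только для этого запуска PowerShell.)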