Technical information
- %TEMP%\javadeployreg.log
- from <PATH_SAMPLE>.vbs to C:\users\appdata\roaming\microsoft\windows\start menu\programs\startup\<File name>.vbs
- 'mc####eytighe.com':80
- http://mc####eytighe.com/newmon/attack.txt
- DNS ASK mc####eytighe.com
- ClassName: 'Static' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' HTTP 404 Not Found The webpage cannot be found HTTP 404 Most likely causes: There might be a typing error in the address. If you clicked on a link, it may be out of date. What you ...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Move-item '<PATH_SAMPLE>.vbs' -Destination 'C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\<File name>.vbs'' (with hidden window)
- '%ProgramFiles%\internet explorer\iexplore.exe' -Embedding
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' HTTP 404 Not Found The webpage cannot be found HTTP 404 Most likely causes: There might be a typing error in the address. If you clicked on a link, it may be out of date. What you ...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Move-item '<PATH_SAMPLE>.vbs' -Destination 'C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\<File name>.vbs'