Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Micosofot-Net Click0nce' = '"%APPDATA%\Microsfot Edge\Micosofot-Net Click0nce.exe"'
- %APPDATA%\microsfot edge\micosofot-net click0nce.exe
- '19#.#.79.233':80
- '19#.#88.22.218':4449
- 'microsoft.com':80
- http://19#.#.79.233/loader/uploads/Gjqhinzhzr.bmp
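- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt (легитимный адрес Microsoft, по которому загружается корневой сертификат; сам по себе не является индикатором компрометации)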
- '19#.#88.22.218':4449
- DNS ASK microsoft.com
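- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQAwAA== (со скрытым окном; значение -enc — это Base64 от строки в UTF-16LE «Start-Sleep -Seconds 50», то есть пауза на 50 секунд)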
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQAwAA==