Technical information
- %WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe
- 'gi#####ssonfinger.xyz':80
- 'kn##n.co.ke':80
- 'kn##n.co.ke':443
- http://kn##n.co.ke/Componenteevryday.exe
- http://gi#####ssonfinger.xyz/
- http://gi#####ssonfinger.xyz/c2conf
- 'kn##n.co.ke':443
- DNS ASK gi#####ssonfinger.xyz
- DNS ASK kn##n.co.ke
- '%WINDIR%\syswow64\cmd.exe' /c timeout /nobreak /t 3 & fsutil file setZeroData offset=0 length=31047 "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" & erase "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe...' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe'
- '%WINDIR%\syswow64\cmd.exe' /c timeout /nobreak /t 3 & fsutil file setZeroData offset=0 length=31047 "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" & erase "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe...
- '%WINDIR%\syswow64\timeout.exe' /nobreak /t 3
- '%WINDIR%\syswow64\fsutil.exe' file setZeroData offset=0 length=31047 "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"