Техническая информация
- %WINDIR%\explorer.exe
- %TEMP%\5vy7ck0y.0.cs
- %TEMP%\5vy7ck0y.cmdline
- %TEMP%\5vy7ck0y.out
- %TEMP%\csc2856.tmp
- %TEMP%\res2857.tmp
- %TEMP%\5vy7ck0y.dll
- %TEMP%\a7469944.ps1
- %TEMP%\res2857.tmp
- %TEMP%\csc2856.tmp
- %TEMP%\5vy7ck0y.cmdline
- %TEMP%\5vy7ck0y.0.cs
- %TEMP%\5vy7ck0y.dll
- %TEMP%\5vy7ck0y.pdb
- %TEMP%\5vy7ck0y.out
- %TEMP%\a7469944.ps1
- http://16#.#14.145.10/static/jquery.js
- DNS ASK pe###evax.org
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\5vy7ck0y.cmdline"' (со скрытым окном)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2857.tmp" "%TEMP%\CSC2856.tmp"' (со скрытым окном)
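- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc JAB4AD0ANAAwADAAMQAyADMANwAwADMAMAA7AFMAdABhAHIAdAAtAFMAbABlAGUAcAAgAC0ATQBpAGwAbABpAHMAZQBjAG8AbgBkAHMAIAA1ADAANwA7ACAAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAAJABlAG4AdgA6AFgAWABYAFgAIAAtAEYAbwBy... (аргумент -enc — это команда PowerShell в кодировке Base64 поверх UTF-16LE; в списке она обрезана, видимая часть декодируется как: $x=4001237030;Start-Sleep -Milliseconds 507; Remove-Item $env:XXXX -For…)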
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\5vy7ck0y.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2857.tmp" "%TEMP%\CSC2856.tmp"
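- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ep bypass -nop -file "%TEMP%\\a7469944.ps1" "%TEMP%\\f9aa4d13.tmp" (-ep bypass — запуск в обход политики выполнения скриптов, -nop — без загрузки профиля; сочетание этих ключей с запуском скрипта из %TEMP% — полезный признак для правил обнаружения)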
- '<SYSTEM32>\systeminfo.exe'
- '<SYSTEM32>\tasklist.exe'
- '<SYSTEM32>\net.exe' view
- '<SYSTEM32>\ipconfig.exe' /all