Техническая информация
- %TEMP%\nswba2b.tmp\blowfish.dll
- %TEMP%\nswba2b.tmp\system.dll
- %TEMP%\tmp47721.tmp
- %TEMP%\nswba2b.tmp\nsunzip.dll
- %TEMP%\11.ps1
- %TEMP%\2.ps1
- %TEMP%\evil.ps1
- %TEMP%\apachesrvin.log
- %TEMP%\k4cxf1ay.0.cs
- %TEMP%\k4cxf1ay.cmdline
- %TEMP%\k4cxf1ay.out
- %TEMP%\csc34b9.tmp
- %TEMP%\res34ca.tmp
- %TEMP%\k4cxf1ay.dll
- %TEMP%\nswba2b.tmp\blowfish.dll
- %TEMP%\nswba2b.tmp\nsunzip.dll
- %TEMP%\nswba2b.tmp\system.dll
- %TEMP%\res34ca.tmp
- %TEMP%\csc34b9.tmp
- %TEMP%\k4cxf1ay.out
- %TEMP%\k4cxf1ay.0.cs
- %TEMP%\k4cxf1ay.dll
- %TEMP%\k4cxf1ay.pdb
- %TEMP%\k4cxf1ay.cmdline
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ep bypass -f %TEMP%\11.ps1
- '<SYSTEM32>\cmd.exe' /c timeout -t 15& powershell -ep bypass -f %TEMP%\11.ps1 (со скрытым окном)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\k4cxf1ay.cmdline" (со скрытым окном)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES34CA.tmp" "%TEMP%\CSC34B9.tmp" (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c timeout -t 15& powershell -ep bypass -f %TEMP%\11.ps1
- '<SYSTEM32>\timeout.exe' -t 15
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\k4cxf1ay.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES34CA.tmp" "%TEMP%\CSC34B9.tmp"