Техническая информация
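- [<HKCU>\software\Microsoft\Windows\CurrentVersion\Run] 'f52943c8f1c3a2eb537dd6ae7d37c10c' = '"<SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe" ..'
- [<HKLM>\software\Microsoft\Windows\CurrentVersion\Run] 'f52943c8f1c3a2eb537dd6ae7d37c10c' = '"<SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe" ..'
  (Оба параметра созданы в ключах автозапуска Run — для текущего пользователя и для всей системы — под одним и тем же именем и запускают powershell.exe при входе в систему; аргументы команды в записи, по-видимому, сокращены до «..».)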
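- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "<SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe" "powershell.exe" ENABLE
  (Команда добавляет powershell.exe в список разрешённых программ брандмауэра Windows; при расследовании стоит проверить, кем и когда создано такое разрешение для powershell.exe.)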
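- 'localhost':4563
  (Хост и порт; тип активности в тексте не указан — вероятно, это сетевое подключение к порту 4563 на локальном узле.)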
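- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -exec bypass -window 1 -Command $text = ((Get-ItemProperty HKCU:\Software\NYANxCAT\).NYANxCAT); $text = -join $text[-1..-$text.Length]; [AppDomain]::CurrentDomain.Load([Convert]::FromB...' (со скрытым окном)
  (Пояснение: команда читает значение NYANxCAT из ключа HKCU:\Software\NYANxCAT\, переворачивает строку и передаёт результат преобразования в [AppDomain]::CurrentDomain.Load, то есть загружаемая сборка хранится в реестре, а не в отдельном файле на диске. Конец команды в записи обрезан («FromB...»); вероятно, это FromBase64String. Для обнаружения полезны журналирование блоков сценариев PowerShell (Script Block Logging), контроль запусков powershell.exe с параметром -exec bypass и скрытым окном, а также отслеживание записи в указанный ключ реестра.)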
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "<SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe" "powershell.exe" ENABLE' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -exec bypass -window 1 -Command $text = ((Get-ItemProperty HKCU:\Software\NYANxCAT\).NYANxCAT); $text = -join $text[-1..-$text.Length]; [AppDomain]::CurrentDomain.Load([Convert]::FromB...