Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\nyanxcat.vbs
- '%APPDATA%\windows\explore.exe'
- %APPDATA%\windows\explore.exe
- %APPDATA%\logs\06-18-2020
- 'localhost':5552
- http://ip##pi.com/json/
- DNS ASK ih####.#00webhostapp.com
- DNS ASK ip##pi.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -exec bypass -window 1 -Command Copy-Item '<PATH_SAMPLE>.vbs' '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\NYANxCAT.vbs'; $text = ((Get-ItemProperty HKCU:\Software\NYANxCAT\...' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -exec bypass -window 1 -Command Copy-Item '<PATH_SAMPLE>.vbs' '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\NYANxCAT.vbs'; $text = ((Get-ItemProperty HKCU:\Software\NYANxCAT\...