Техническая информация
- %WINDIR%\microsoft.net\framework\v4.0.30319\installutil.exe
- %TEMP%\noters.exe
- 'gu###medya.com':80
- '19#.#.97.203':7070
- http://gu###medya.com/loader/uploads/903_Xlawuzge.bmp
- '19#.#.97.203':7070
- DNS ASK gu###medya.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' –ExecutionPolicy Bypass Start-Process -FilePath '"%TEMP%\NOTERS.exe"'
- '%TEMP%\noters.exe'
- '%WINDIR%\syswow64\cmd.exe' /c timeout 2 (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c start /b powershell –ExecutionPolicy Bypass Start-Process -FilePath '"%TEMP%\NOTERS.exe"' & exit (со скрытым окном)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Start-Sleep -Seconds 10;Start-Sleep -Seconds 10;
- '%WINDIR%\syswow64\cmd.exe' /c timeout 2
- '%WINDIR%\syswow64\timeout.exe' 2
- '%WINDIR%\microsoft.net\framework\v4.0.30319\installutil.exe'
- '%WINDIR%\syswow64\cmd.exe' /c start /b powershell –ExecutionPolicy Bypass Start-Process -FilePath '"%TEMP%\NOTERS.exe"' & exit