Техническая информация
- %HOMEPATH%\start menu\programs\startup\vrjyk.vbs
- %HOMEPATH%\start menu\programs\startup\windowsservices-fpkmk.lnk
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command Add-MpPreference -ExclusionPath '%APPDATA%'
- %APPDATA%\windowsservices\bcptk.cmd
- %APPDATA%\windowsservices\ckysf.ps1
- %APPDATA%\windowsservices\bcptk.cmd
- %HOMEPATH%\start menu\programs\startup\vrjyk.vbs
- %APPDATA%\windowsservices\ckysf.ps1
- 'ti####.duckdns.org':80
- http://ti####.duckdns.org/paste.txt
- DNS ASK ti####.duckdns.org
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoProfile -ExecutionPolicy Bypass -Command %APPDATA%\WindowsServices\CKYSF.ps1
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command Add-MpPreference -ExclusionPath '%APPDATA%' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command Add-MpPreference -ExclusionExtension '.vbs' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\WindowsServices\BCPTK.cmd" " (со скрытым окном)
- '<SYSTEM32>\wscript.exe' "<PATH_SAMPLE>.vbs" /elevate
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command Add-MpPreference -ExclusionExtension '.vbs'
- '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\WindowsServices\BCPTK.cmd" "