Техническая информация
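- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "[System.IO.File]::WriteAllBytes('%LOCALAPPDATA%\Microsoft\UiNexual.zip', [System.Convert]::FromBase64String([System.IO.File]::ReadAllText('%LOCALAPPDATA%\Microsoft\UiNexual.zip.b64'))... (команда в отчёте обрезана; видимая часть декодирует Base64-содержимое файла UiNexual.zip.b64 и записывает результат как UiNexual.zip)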
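- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Expand-Archive -Path '%LOCALAPPDATA%\Microsoft\UiNexual.zip' -DestinationPath '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup'" (архив распаковывается в папку автозагрузки текущего пользователя; её содержимое запускается при входе в систему, то есть это механизм закрепления)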
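- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dyps348i\config14[1].txt (файл в кэше временных файлов Интернета; по-видимому, получен из сети — источник на странице не указан)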
- %LOCALAPPDATA%\microsoft\uinexual.zip.b64
- %LOCALAPPDATA%\microsoft\uinexual.zip
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "[System.IO.File]::WriteAllBytes('%LOCALAPPDATA%\Microsoft\UiNexual.zip', [System.Convert]::FromBase64String([System.IO.File]::ReadAllText('%LOCALAPPDATA%\Microsoft\UiNexual.zip.b64'))... (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Expand-Archive -Path '%LOCALAPPDATA%\Microsoft\UiNexual.zip' -DestinationPath '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup'" (со скрытым окном)