Техническая информация
- %TEMP%\1.tmp\MadTransporter.bat
- %TEMP%\1.tmp\MadTransporter.sfx.exe
- %WINDIR%\MadTransporter.exe
- %TEMP%\azerty.exe
- %TEMP%\pass.txt
- %TEMP%\BlackStealer.txt
- %TEMP%\1.tmp\MadTransporter.sfx.exe
- %TEMP%\1.tmp\MadTransporter.bat
- 'wp#d':80
- 'fi###.#00webhost.com':21
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK wp#d
- DNS ASK fi###.#00webhost.com
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\1.tmp\MadTransporter.sfx.exe' -p117 -d%WINDIR%
- '%WINDIR%\MadTransporter.exe'
- '%TEMP%\azerty.exe' /stext %TEMP%\pass.txt
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\MadTransporter.bat" <Полный путь к файлу>"