Техническая информация
- %WINDIR%\Tasks\Parker.job
- <SYSTEM32>\wscript.exe /B "%APPDATA%\msddn.vbs"
- <SYSTEM32>\schtasks.exe /Create /SC minute /mo 15 /TN Parker /TR "wscript.exe /B """%APPDATA%\msddn.vbs"""" /RU SYSTEM
- %APPDATA%\msddn.vbs
- %HOMEPATH%\nebp.vbe
- %ALLUSERSPROFILE%\idt
- %ALLUSERSPROFILE%\0
- %APPDATA%\msddn.vbs
- 'ms###.largamex.com':80
- ms###.largamex.com/mumfile/1.vbe.file
- DNS ASK ms###.largamex.com