Техническая информация
- '<SYSTEM32>\wisptis.exe' /ManualLaunch;
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enco JABYAHUAcQB5AGYAdAB3AGMAZQBjAD0AJwBRAHkAdQB3AGIAagBwAGIAYQB2AGEAZwBrACcAOwAkAEMAZgBkAHAAYgB4AHYAYQBpACAAPQAgACcANwA5ADUAJwA7ACQAQQB5AHgAYQBmAHkAZABpAD0AJwBMAGwAYgBqAGIAYgB1AGoAbQAnADsAJAB...
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %HOMEPATH%\795.exe
- %HOMEPATH%\795.exe
- http://wo###oto.com/cgi2012/gnmxh-mb9xvzdg6d-390913/
- http://ma#######aweb.1parkplace.com/svyewvqG/
- http://ma#######aweb.1parkplace.com/svyewvqg/
- DNS ASK yo###books.in
- DNS ASK wo###oto.com
- DNS ASK bl##.ulyss.co
- DNS ASK ma#######aweb.1parkplace.com
- DNS ASK v1###ute.site
- '<SYSTEM32>\wisptis.exe' /ManualLaunch;' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enco JABYAHUAcQB5AGYAdAB3AGMAZQBjAD0AJwBRAHkAdQB3AGIAagBwAGIAYQB2AGEAZwBrACcAOwAkAEMAZgBkAHAAYgB4AHYAYQBpACAAPQAgACcANwA5ADUAJwA7ACQAQQB5AHgAYQBmAHkAZABpAD0AJwBMAGwAYgBqAGIAYgB1AGoAbQAnADsAJAB...' (со скрытым окном)